{
"properties": {
"displayName": "CSA CSA Cloud Controls Matrix v4.0.12",
"policyType": "BuiltIn",
"description": "Cybersecurity framework by the Cloud Security Alliance (CSA), offering security controls specifically for cloud environments.",
"metadata": {
"version": "1.1.0",
"category": "Regulatory Compliance"
},
"version": "1.1.0",
"policyDefinitionGroups": [
{
"name": "CSA_v4.0.12_CEK_02",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_02"
},
{
"name": "CSA_v4.0.12_CEK_10",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_10"
},
{
"name": "CSA_v4.0.12_CEK_11",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_11"
},
{
"name": "CSA_v4.0.12_CEK_12",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_12"
},
{
"name": "CSA_v4.0.12_CEK_15",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_15"
},
{
"name": "CSA_v4.0.12_CEK_16",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_16"
},
{
"name": "CSA_v4.0.12_CEK_03",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_03"
},
{
"name": "CSA_v4.0.12_DSP_07",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DSP_07"
},
{
"name": "CSA_v4.0.12_DSP_17",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DSP_17"
},
{
"name": "CSA_v4.0.12_UEM_08",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_UEM_08"
},
{
"name": "CSA_v4.0.12_IVS_07",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IVS_07"
},
{
"name": "CSA_v4.0.12_TVM_07",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_TVM_07"
},
{
"name": "CSA_v4.0.12_IAM_01",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_01"
},
{
"name": "CSA_v4.0.12_IAM_02",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_02"
},
{
"name": "CSA_v4.0.12_IAM_04",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_04"
},
{
"name": "CSA_v4.0.12_IAM_07",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_07"
},
{
"name": "CSA_v4.0.12_IAM_10",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_10"
},
{
"name": "CSA_v4.0.12_IAM_12",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_12"
},
{
"name": "CSA_v4.0.12_IAM_13",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_13"
},
{
"name": "CSA_v4.0.12_IAM_14",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_14"
},
{
"name": "CSA_v4.0.12_IAM_15",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_15"
},
{
"name": "CSA_v4.0.12_IAM_16",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_16"
},
{
"name": "CSA_v4.0.12_IAM_06",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_06"
},
{
"name": "CSA_v4.0.12_IAM_11",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_11"
},
{
"name": "CSA_v4.0.12_LOG_07",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_LOG_07"
},
{
"name": "CSA_v4.0.12_DCS_02",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DCS_02"
},
{
"name": "CSA_v4.0.12_DSP_05",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DSP_05"
},
{
"name": "CSA_v4.0.12_HRS_06",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_HRS_06"
},
{
"name": "CSA_v4.0.12_TVM_04",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_TVM_04"
},
{
"name": "CSA_v4.0.12_CEK_01",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_01"
},
{
"name": "CSA_v4.0.12_CEK_08",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_08"
},
{
"name": "CSA_v4.0.12_CEK_21",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_21"
},
{
"name": "CSA_v4.0.12_AIS_07",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_AIS_07"
},
{
"name": "CSA_v4.0.12_CCC_07",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CCC_07"
},
{
"name": "CSA_v4.0.12_TVM_08",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_TVM_08"
},
{
"name": "CSA_v4.0.12_CEK_04",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_04"
},
{
"name": "CSA_v4.0.12_CEK_13",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_13"
},
{
"name": "CSA_v4.0.12_CEK_14",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_14"
},
{
"name": "CSA_v4.0.12_CEK_17",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_17"
},
{
"name": "CSA_v4.0.12_CEK_18",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_18"
},
{
"name": "CSA_v4.0.12_CEK_19",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_19"
},
{
"name": "CSA_v4.0.12_CEK_20",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_20"
},
{
"name": "CSA_v4.0.12_DSP_12",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DSP_12"
},
{
"name": "CSA_v4.0.12_DSP_16",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DSP_16"
},
{
"name": "CSA_v4.0.12_IAM_05",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_05"
},
{
"name": "CSA_v4.0.12_DSP_10",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DSP_10"
},
{
"name": "CSA_v4.0.12_AIS_01",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_AIS_01"
},
{
"name": "CSA_v4.0.12_CCC_02",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CCC_02"
},
{
"name": "CSA_v4.0.12_CCC_03",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CCC_03"
},
{
"name": "CSA_v4.0.12_CCC_04",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CCC_04"
},
{
"name": "CSA_v4.0.12_CCC_05",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CCC_05"
},
{
"name": "CSA_v4.0.12_CCC_06",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CCC_06"
},
{
"name": "CSA_v4.0.12_CCC_08",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CCC_08"
},
{
"name": "CSA_v4.0.12_CCC_09",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CCC_09"
},
{
"name": "CSA_v4.0.12_CEK_05",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_05"
},
{
"name": "CSA_v4.0.12_CEK_06",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_06"
},
{
"name": "CSA_v4.0.12_CEK_07",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_CEK_07"
},
{
"name": "CSA_v4.0.12_DSP_03",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DSP_03"
},
{
"name": "CSA_v4.0.12_DSP_08",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DSP_08"
},
{
"name": "CSA_v4.0.12_UEM_07",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_UEM_07"
},
{
"name": "CSA_v4.0.12_LOG_05",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_LOG_05"
},
{
"name": "CSA_v4.0.12_IVS_03",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IVS_03"
},
{
"name": "CSA_v4.0.12_LOG_08",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_LOG_08"
},
{
"name": "CSA_v4.0.12_LOG_10",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_LOG_10"
},
{
"name": "CSA_v4.0.12_LOG_11",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_LOG_11"
},
{
"name": "CSA_v4.0.12_LOG_13",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_LOG_13"
},
{
"name": "CSA_v4.0.12_IAM_03",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_03"
},
{
"name": "CSA_v4.0.12_TVM_01",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_TVM_01"
},
{
"name": "CSA_v4.0.12_TVM_09",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_TVM_09"
},
{
"name": "CSA_v4.0.12_AIS_02",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_AIS_02"
},
{
"name": "CSA_v4.0.12_UEM_03",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_UEM_03"
},
{
"name": "CSA_v4.0.12_UEM_05",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_UEM_05"
},
{
"name": "CSA_v4.0.12_IVS_04",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IVS_04"
},
{
"name": "CSA_v4.0.12_IAM_08",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_08"
},
{
"name": "CSA_v4.0.12_LOG_03",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_LOG_03"
},
{
"name": "CSA_v4.0.12_HRS_04",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_HRS_04"
},
{
"name": "CSA_v4.0.12_BCR_08",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_BCR_08"
},
{
"name": "CSA_v4.0.12_DCS_06",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DCS_06"
},
{
"name": "CSA_v4.0.12_IAM_09",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_IAM_09"
},
{
"name": "CSA_v4.0.12_DCS_05",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DCS_05"
},
{
"name": "CSA_v4.0.12_UEM_04",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_UEM_04"
},
{
"name": "CSA_v4.0.12_UEM_12",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_UEM_12"
},
{
"name": "CSA_v4.0.12_LOG_09",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_LOG_09"
},
{
"name": "CSA_v4.0.12_GRC_04",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_GRC_04"
},
{
"name": "CSA_v4.0.12_BCR_11",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_BCR_11"
},
{
"name": "CSA_v4.0.12_STA_12",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_STA_12"
},
{
"name": "CSA_v4.0.12_DSP_04",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DSP_04"
},
{
"name": "CSA_v4.0.12_DCS_08",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_DCS_08"
},
{
"name": "CSA_v4.0.12_UEM_02",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_UEM_02"
},
{
"name": "CSA_v4.0.12_LOG_02",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_LOG_02"
},
{
"name": "CSA_v4.0.12_AIS_04",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_AIS_04"
},
{
"name": "CSA_v4.0.12_LOG_04",
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/CSA_v4.0.12_LOG_04"
}
],
"parameters": {
"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-f655e522-adff-494d-95c2-52d4f6d56a42": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-ea53dbee-c6c9-4f0e-9f9e-de0039b78023": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-3b980d31-7904-4bb7-8575-5665739a8052": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"operationName-3b980d31-7904-4bb7-8575-5665739a8052": {
"type": "String",
"allowedValues": [
"Microsoft.Security/policies/write",
"Microsoft.Security/securitySolutions/write",
"Microsoft.Security/securitySolutions/delete"
],
"metadata": {
"displayName": "Operation Name",
"description": "Security Operation name for which activity log alert should exist"
}
},
"effect-c251913d-7d24-4958-af87-478ed3b9ba41": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-47031206-ce96-41f8-861b-6a915f3de284": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-a1817ec0-a368-432a-8057-8371e17ac6ee": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-0a15ec92-a229-4763-bb14-0ea34a568f8d": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-a2a5b911-5617-447e-a49e-59dbe0e0434b": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"requiredRetentionDays-a2a5b911-5617-447e-a49e-59dbe0e0434b": {
"type": "String",
"defaultValue": "365",
"metadata": {
"displayName": "Required retention (days)",
"description": "The required resource logs retention in days"
}
},
"effect-7804b5c7-01dc-4723-969b-ae300cc07ff1": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-a1181c5f-672a-477a-979a-7d58aa086233": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-3e596b57-105f-48a6-be97-03e9243bad6e": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-3dc5edcd-002d-444c-b216-e123bbfa37c0": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-8af8f826-edcb-4178-b35f-851ea6fea615": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled",
"Deny"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"source-c26596ff-4d70-4e6a-9a30-c2506bd2f80c": {
"type": "String",
"defaultValue": "Original",
"allowedValues": [
"All",
"Generated",
"Original"
],
"metadata": {
"displayName": "Source",
"description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
}
},
"warn-c26596ff-4d70-4e6a-9a30-c2506bd2f80c": {
"type": "Boolean",
"defaultValue": false,
"metadata": {
"displayName": "Warn",
"description": "Whether or not to return warnings back to the user in the kubectl cli"
}
},
"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"excludedNamespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c": {
"type": "Array",
"defaultValue": [
"kube-system",
"gatekeeper-system",
"azure-arc",
"azure-extensions-usage-system"
],
"metadata": {
"displayName": "Namespace exclusions",
"description": "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces \"kube-system\", \"gatekeeper-system\" and \"azure-arc\" are always excluded by design. \"azure-extensions-usage-system\" is optional to remove."
}
},
"namespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Namespace inclusions",
"description": "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
}
},
"labelSelector-c26596ff-4d70-4e6a-9a30-c2506bd2f80c": {
"type": "object",
"defaultValue": {},
"metadata": {
"displayName": "Kubernetes label selector",
"description": "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
}
},
"allowedCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Allowed capabilities",
"description": "The list of capabilities that are allowed to be added to a container. Provide empty list as input to block everything.",
"portalReview": true
}
},
"requiredDropCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Required drop capabilities",
"description": "The list of capabilities that must be dropped by a container.",
"portalReview": true
}
},
"excludedContainers-c26596ff-4d70-4e6a-9a30-c2506bd2f80c": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Containers exclusions",
"description": "The list of InitContainers and Containers to exclude from policy evaluation. The identify is the name of container. Use an empty list to apply this policy to all containers in all namespaces."
}
},
"excludedImages-c26596ff-4d70-4e6a-9a30-c2506bd2f80c": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Image exclusions",
"description": "The list of InitContainers and Containers to exclude from policy evaluation. The identifier is the image of container. Prefix-matching can be signified with `*`. For example: `myregistry.azurecr.io/istio:*`. It is recommended that users use the fully-qualified Docker image name (e.g. start with a domain name) in order to avoid unexpectedly exempting images from an untrusted repository.",
"portalReview": true
}
},
"effect-7ff426e2-515f-405a-91c8-4f2333442eb5": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-98728c90-32c7-4049-8429-847dc0f4fe37": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-5450f5bd-9c72-4390-a9c4-a7aba4edfdd2": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-33936777-f2ac-45aa-82ec-07958ec9ade4": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits-33936777-f2ac-45aa-82ec-07958ec9ade4": {
"type": "string",
"defaultValue": "0",
"metadata": {
"displayName": "Audit: Shut down system immediately if unable to log security audits",
"description": "Audits if the system will shut down when unable to log Security events."
}
},
"effect-33936777-f2ac-45aa-82ec-07958ec9ade4": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-83a214f7-d01a-484b-91a9-ed54470c9a6a": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"requiredRetentionDays-83a214f7-d01a-484b-91a9-ed54470c9a6a": {
"type": "String",
"defaultValue": "365",
"metadata": {
"displayName": "Required retention (days)",
"description": "The required resource logs retention in days"
}
},
"effect-3ac7c827-eea2-4bde-acc7-9568cd320efa": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-18adea5e-f416-4d0f-8aa8-d24321e3e274": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-0fdf0491-d080-4575-b627-ad0e843cba0f": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-afe0c3be-ba3b-4544-ba52-0c99672a8ad6": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"requiredRetentionDays-afe0c3be-ba3b-4544-ba52-0c99672a8ad6": {
"type": "String",
"defaultValue": "365",
"metadata": {
"displayName": "Required retention (days)",
"description": "The required resource logs retention in days if exporting to an Azure Storage account"
}
},
"IncludeArcMachines-1221c620-d201-468c-81e7-2817e6107e84": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos-1221c620-d201-468c-81e7-2817e6107e84": {
"type": "string",
"defaultValue": "2147483644",
"metadata": {
"displayName": "Network Security: Configure encryption types allowed for Kerberos",
"description": "Specifies the encryption types that Kerberos is allowed to use."
}
},
"NetworkSecurityLANManagerAuthenticationLevel-1221c620-d201-468c-81e7-2817e6107e84": {
"type": "string",
"defaultValue": "5",
"metadata": {
"displayName": "Network security: LAN Manager authentication level",
"description": "Specify which challenge-response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers."
}
},
"NetworkSecurityLDAPClientSigningRequirements-1221c620-d201-468c-81e7-2817e6107e84": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Network security: LDAP client signing requirements",
"description": "Specify the level of data signing that is requested on behalf of clients that issue LDAP BIND requests."
}
},
"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients-1221c620-d201-468c-81e7-2817e6107e84": {
"type": "string",
"defaultValue": "537395200",
"metadata": {
"displayName": "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients",
"description": "Specifies which behaviors are allowed by clients for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services. See https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers for more information."
}
},
"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers-1221c620-d201-468c-81e7-2817e6107e84": {
"type": "string",
"defaultValue": "537395200",
"metadata": {
"displayName": "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers",
"description": "Specifies which behaviors are allowed by servers for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services."
}
},
"effect-1221c620-d201-468c-81e7-2817e6107e84": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-404c3081-a854-4457-ae30-26a93ef643f9": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-0049a6b3-a662-4f3e-8635-39cf44ace45a": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-fc9b3da7-8347-4380-8e70-0a0361d8dedd": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"source-d46c275d-1680-448d-b2ec-e495a3b6cc89": {
"type": "String",
"defaultValue": "Original",
"allowedValues": [
"All",
"Generated",
"Original"
],
"metadata": {
"displayName": "Source",
"description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
}
},
"warn-d46c275d-1680-448d-b2ec-e495a3b6cc89": {
"type": "Boolean",
"defaultValue": false,
"metadata": {
"displayName": "Warn",
"description": "Whether or not to return warnings back to the user in the kubectl cli"
}
},
"effect-d46c275d-1680-448d-b2ec-e495a3b6cc89": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"excludedNamespaces-d46c275d-1680-448d-b2ec-e495a3b6cc89": {
"type": "Array",
"defaultValue": [
"kube-system",
"gatekeeper-system",
"azure-arc",
"azure-extensions-usage-system"
],
"metadata": {
"displayName": "Namespace exclusions",
"description": "List of Kubernetes namespaces to exclude from policy evaluation. Providing a value for this parameter is optional. System namespaces \"kube-system\", \"gatekeeper-system\" and \"azure-arc\" are always excluded by design. \"azure-extensions-usage-system\" is optional to remove."
}
},
"namespaces-d46c275d-1680-448d-b2ec-e495a3b6cc89": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Namespace inclusions",
"description": "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
}
},
"labelSelector-d46c275d-1680-448d-b2ec-e495a3b6cc89": {
"type": "object",
"defaultValue": {},
"metadata": {
"displayName": "Kubernetes label selector",
"description": "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
}
},
"allowedExternalIPs-d46c275d-1680-448d-b2ec-e495a3b6cc89": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Allowed External IPs",
"description": "List of External IPs that services are allowed to use. Empty array means all external IPs are disallowed.",
"portalReview": true
}
},
"IncludeArcMachines-87845465-c458-45f3-af66-dcd62176f397": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"effect-87845465-c458-45f3-af66-dcd62176f397": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-efbde977-ba53-4479-b8e9-10b957924fbf": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-e6955644-301c-44b5-a4c4-528577de6861": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"effect-e6955644-301c-44b5-a4c4-528577de6861": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-1afada58-8b34-7ac2-a38a-983218635201": {
"type": "String",
"defaultValue": "Manual",
"allowedValues": [
"Manual",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"source-df49d893-a74c-421d-bc95-c663042e5b80": {
"type": "String",
"defaultValue": "Original",
"allowedValues": [
"All",
"Generated",
"Original"
],
"metadata": {
"displayName": "Source",
"description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
}
},
"warn-df49d893-a74c-421d-bc95-c663042e5b80": {
"type": "Boolean",
"defaultValue": false,
"metadata": {
"displayName": "Warn",
"description": "Whether or not to return warnings back to the user in the kubectl cli"
}
},
"effect-df49d893-a74c-421d-bc95-c663042e5b80": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"excludedNamespaces-df49d893-a74c-421d-bc95-c663042e5b80": {
"type": "Array",
"defaultValue": [
"kube-system",
"gatekeeper-system",
"azure-arc",
"azure-extensions-usage-system"
],
"metadata": {
"displayName": "Namespace exclusions",
"description": "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces \"kube-system\", \"gatekeeper-system\" and \"azure-arc\" are always excluded by design. \"azure-extensions-usage-system\" is optional to remove."
}
},
"namespaces-df49d893-a74c-421d-bc95-c663042e5b80": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Namespace inclusions",
"description": "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
}
},
"labelSelector-df49d893-a74c-421d-bc95-c663042e5b80": {
"type": "object",
"defaultValue": {},
"metadata": {
"displayName": "Kubernetes label selector",
"description": "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
}
},
"excludedContainers-df49d893-a74c-421d-bc95-c663042e5b80": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Containers exclusions",
"description": "The list of InitContainers and Containers to exclude from policy evaluation. The identify is the name of container. Use an empty list to apply this policy to all containers in all namespaces."
}
},
"excludedImages-df49d893-a74c-421d-bc95-c663042e5b80": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Image exclusions",
"description": "The list of InitContainers and Containers to exclude from policy evaluation. The identifier is the image of container. Prefix-matching can be signified with `*`. For example: `myregistry.azurecr.io/istio:*`. It is recommended that users use the fully-qualified Docker image name (e.g. start with a domain name) in order to avoid unexpectedly exempting images from an untrusted repository.",
"portalReview": true
}
},
"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled",
"Deny"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"allowedKeyTypes-75c4f823-d65c-4f29-a733-01d0077fdbcb": {
"type": "Array",
"defaultValue": [
"RSA",
"RSA-HSM",
"EC",
"EC-HSM"
],
"allowedValues": [
"RSA",
"RSA-HSM",
"EC",
"EC-HSM"
],
"metadata": {
"displayName": "Allowed key types",
"description": "The list of allowed key types"
}
},
"effect-75c4f823-d65c-4f29-a733-01d0077fdbcb": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": {
"type": "string",
"metadata": {
"displayName": "Members to exclude",
"description": "A semicolon-separated list of members that should be excluded in the Administrators local group. Ex: Administrator; myUser1; myUser2"
}
},
"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"source-423dd1ba-798e-40e4-9c4d-b6902674b423": {
"type": "String",
"defaultValue": "Original",
"allowedValues": [
"All",
"Generated",
"Original"
],
"metadata": {
"displayName": "Source",
"description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
}
},
"warn-423dd1ba-798e-40e4-9c4d-b6902674b423": {
"type": "Boolean",
"defaultValue": false,
"metadata": {
"displayName": "Warn",
"description": "Whether or not to return warnings back to the user in the kubectl cli"
}
},
"effect-423dd1ba-798e-40e4-9c4d-b6902674b423": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"excludedImages-423dd1ba-798e-40e4-9c4d-b6902674b423": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Image exclusions",
"description": "The list of InitContainers and Containers to exclude from policy evaluation. The identifier is the image of container. Prefix-matching can be signified with `*`. For example: `myregistry.azurecr.io/istio:*`. It is recommended that users use the fully-qualified Docker image name (e.g. start with a domain name) in order to avoid unexpectedly exempting images from an untrusted repository.",
"portalReview": true
}
},
"excludedNamespaces-423dd1ba-798e-40e4-9c4d-b6902674b423": {
"type": "Array",
"defaultValue": [
"kube-system",
"gatekeeper-system",
"azure-arc",
"azure-extensions-usage-system"
],
"metadata": {
"displayName": "Namespace exclusions",
"description": "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces \"kube-system\", \"gatekeeper-system\" and \"azure-arc\" are always excluded by design. \"azure-extensions-usage-system\" is optional to remove."
}
},
"namespaces-423dd1ba-798e-40e4-9c4d-b6902674b423": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Namespace inclusions",
"description": "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
}
},
"labelSelector-423dd1ba-798e-40e4-9c4d-b6902674b423": {
"type": "object",
"defaultValue": {},
"metadata": {
"displayName": "Kubernetes label selector",
"description": "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
}
},
"effect-2158ddbe-fefa-408e-b43f-d4faef8ff3b8": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-797b37f7-06b8-444c-b1ad-fc62867f335a": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-94d9aca8-3757-46df-aa51-f218c5f11954": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"effect-94d9aca8-3757-46df-aa51-f218c5f11954": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-2d21331d-a4c2-4def-a9ad-ee4e1e023beb": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2": {
"type": "string",
"defaultValue": "Administrator",
"allowedValues": [],
"metadata": {
"displayName": "Members",
"description": "A semicolon-separated list of all the expected members of the Administrators local group. Ex: Administrator; myUser1; myUser2"
}
},
"IncludeArcMachines-bf16e0bb-31e1-4646-8202-60a235cc7e74": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"effect-bf16e0bb-31e1-4646-8202-60a235cc7e74": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-8dfab9c4-fe7b-49ad-85e4-1e9be085358f": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-46aa9b05-0e60-4eae-a88b-1e9d374fa515": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-91a78b24-f231-4a8a-8da9-02c35b2b6510": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"requiredRetentionDays-91a78b24-f231-4a8a-8da9-02c35b2b6510": {
"type": "String",
"defaultValue": "365",
"metadata": {
"displayName": "Required retention (days)",
"description": "The required resource logs retention in days"
}
},
"allowedEncryptionSets-d461a302-a187-421a-89ac-84acdb4edc04": {
"type": "Array",
"metadata": {
"displayName": "Allowed disk encryption set",
"description": "The list of allowed disk encryption sets for managed disks.",
"strongType": "Microsoft.Compute/diskEncryptionSets"
}
},
"effect-d461a302-a187-421a-89ac-84acdb4edc04": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-3bc8a0d5-38e0-4a3d-a657-2cb64468fc34": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"source-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99": {
"type": "String",
"defaultValue": "Original",
"allowedValues": [
"All",
"Generated",
"Original"
],
"metadata": {
"displayName": "Source",
"description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
}
},
"warn-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99": {
"type": "Boolean",
"defaultValue": false,
"metadata": {
"displayName": "Warn",
"description": "Whether or not to return warnings back to the user in the kubectl cli"
}
},
"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"excludedNamespaces-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99": {
"type": "Array",
"defaultValue": [
"kube-system",
"gatekeeper-system",
"azure-arc",
"azure-extensions-usage-system"
],
"metadata": {
"displayName": "Namespace exclusions",
"description": "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces \"kube-system\", \"gatekeeper-system\" and \"azure-arc\" are always excluded by design. \"azure-extensions-usage-system\" is optional to remove."
}
},
"namespaces-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Namespace inclusions",
"description": "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
}
},
"labelSelector-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99": {
"type": "object",
"defaultValue": {},
"metadata": {
"displayName": "Kubernetes label selector",
"description": "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
}
},
"excludedContainers-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Containers exclusions",
"description": "The list of InitContainers and Containers to exclude from policy evaluation. The identify is the name of container. Use an empty list to apply this policy to all containers in all namespaces."
}
},
"excludedImages-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Image exclusions",
"description": "The list of InitContainers and Containers to exclude from policy evaluation. The identifier is the image of container. Prefix-matching can be signified with `*`. For example: `myregistry.azurecr.io/istio:*`. It is recommended that users use the fully-qualified Docker image name (e.g. start with a domain name) in order to avoid unexpectedly exempting images from an untrusted repository.",
"portalReview": true
}
},
"effect-ca91455f-eace-4f96-be59-e6e2c35b4816": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-f4826e5f-6a27-407c-ae3e-9582eb39891d": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-7803067c-7d34-46e3-8c79-0ca68fc4036d": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-3d9f5e4c-9947-4579-9539-2a7695fbc187": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-009a0c92-f5b4-4776-9b66-4ed2b4775563": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-fb893a29-21bb-418c-a157-e99480ec364c": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled",
"Deny"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"evaluatedSkuNames-af35e2a4-ef96-44e7-a9ae-853dd97032c4": {
"type": "Array",
"defaultValue": [
"Standard",
"Enterprise"
],
"allowedValues": [
"Standard",
"Enterprise"
],
"metadata": {
"displayName": "Azure Spring Cloud SKU Names",
"description": "List of Azure Spring Cloud SKUs against which this policy will be evaluated."
}
},
"effect-2393d2cf-a342-44cd-a2e2-fe0188fd1234": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-b8564268-eb4a-4337-89be-a19db070c59d": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-55615ac9-af46-4a59-874e-391cc3dfb490": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"restrictIPAddresses-55615ac9-af46-4a59-874e-391cc3dfb490": {
"type": "String",
"defaultValue": "No",
"allowedValues": [
"Yes",
"No"
],
"metadata": {
"displayName": "Would you like to restrict specific IP addresses?",
"description": "Select (Yes) to allow or forbid a list of IP addresses. If (No), the list of IP addresses won't have any effect in the policy enforcement"
}
},
"allowedIPAddresses-55615ac9-af46-4a59-874e-391cc3dfb490": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Allowed IP addresses",
"description": "Array with allowed public IP addresses. An empty array is evaluated as to allow all IPs."
}
},
"forbiddenIPAddresses-55615ac9-af46-4a59-874e-391cc3dfb490": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Forbidden IP addresses",
"description": "Array with forbidden public IP addresses. An empty array is evaluated as there are no forbidden IP addresses."
}
},
"effect-c4857be7-912a-4c75-87e6-e30292bcdf78": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"listOfImageIdToInclude_windows-11ac78e3-31bc-4f0c-8434-37ab963cea07": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Optional: List of virtual machine images that have supported Windows OS to add to scope",
"description": "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
}
},
"listOfImageIdToInclude_linux-11ac78e3-31bc-4f0c-8434-37ab963cea07": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Optional: List of virtual machine images that have supported Linux OS to add to scope",
"description": "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
}
},
"effect-11ac78e3-31bc-4f0c-8434-37ab963cea07": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-4ceb8dc2-559c-478b-a15b-733fbf1e3738": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"MaximumPasswordAge-4ceb8dc2-559c-478b-a15b-733fbf1e3738": {
"type": "string",
"defaultValue": "70",
"metadata": {
"displayName": "Maximum password age",
"description": "The Maximum password age setting determines the period of time (in days) that a password can be used before the system requires the user to change it.",
"portalReview": "true"
}
},
"effect-4ceb8dc2-559c-478b-a15b-733fbf1e3738": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917": {
"type": "String",
"metadata": {
"displayName": "Log Analytics Workspace Id that virtual machines should be configured for",
"description": "This is the Id (GUID) of the Log Analytics Workspace that the virtual machines should be configured for."
}
},
"effect-f47b5582-33ec-4c5c-87c0-b010a6b2e917": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-ae5d2f14-d830-42b6-9899-df6cfe9c71a3": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-a70ca396-0a34-413a-88e1-b956c1e683be": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-7796937f-307b-4598-941c-67d3a05ebfe7": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"allowedECNames-ff25f3c8-b739-4538-9d07-3d6d25cfb255": {
"type": "Array",
"defaultValue": [
"P-256",
"P-256K",
"P-384",
"P-521"
],
"allowedValues": [
"P-256",
"P-256K",
"P-384",
"P-521"
],
"metadata": {
"displayName": "Allowed elliptic curve names",
"description": "The list of allowed curve names for elliptic curve cryptography certificates."
}
},
"effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-4c3c6c5f-0d47-4402-99b8-aa543dd8bcee": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-d6759c02-b87f-42b7-892e-71b3f471d782": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Administrators, Authenticated Users",
"metadata": {
"displayName": "Users or groups that may access this computer from the network",
"description": "Specifies which remote users on the network are permitted to connect to the computer. This does not include Remote Desktop Connection."
}
},
"UsersOrGroupsThatMayLogOnLocally-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Administrators",
"metadata": {
"displayName": "Users or groups that may log on locally",
"description": "Specifies which users or groups can interactively log on to the computer. Users who attempt to log on via Remote Desktop Connection or IIS also require this user right."
}
},
"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Administrators, Remote Desktop Users",
"metadata": {
"displayName": "Users or groups that may log on through Remote Desktop Services",
"description": "Specifies which users or groups are permitted to log on as a Terminal Services client, Remote Desktop, or for Remote Assistance."
}
},
"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Guests",
"metadata": {
"displayName": "Users and groups that are denied access to this computer from the network",
"description": "Specifies which users or groups are explicitly prohibited from connecting to the computer across the network."
}
},
"UsersOrGroupsThatMayManageAuditingAndSecurityLog-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Administrators",
"metadata": {
"displayName": "Users or groups that may manage auditing and security log",
"description": "Specifies users and groups permitted to change the auditing options for files and directories and clear the Security log."
}
},
"UsersOrGroupsThatMayBackUpFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Administrators, Backup Operators",
"metadata": {
"displayName": "Users or groups that may back up files and directories",
"description": "Specifies users and groups allowed to circumvent file and directory permissions to back up the system."
}
},
"UsersOrGroupsThatMayChangeTheSystemTime-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Administrators, LOCAL SERVICE",
"metadata": {
"displayName": "Users or groups that may change the system time",
"description": "Specifies which users and groups are permitted to change the time and date on the internal clock of the computer."
}
},
"UsersOrGroupsThatMayChangeTheTimeZone-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Administrators, LOCAL SERVICE",
"metadata": {
"displayName": "Users or groups that may change the time zone",
"description": "Specifies which users and groups are permitted to change the time zone of the computer."
}
},
"UsersOrGroupsThatMayCreateATokenObject-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "No One",
"metadata": {
"displayName": "Users or groups that may create a token object",
"description": "Specifies which users and groups are permitted to create an access token, which may provide elevated rights to access sensitive data."
}
},
"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Guests",
"metadata": {
"displayName": "Users and groups that are denied logging on as a batch job",
"description": "Specifies which users and groups are explicitly not permitted to log on to the computer as a batch job (i.e. scheduled task)."
}
},
"UsersAndGroupsThatAreDeniedLoggingOnAsAService-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Guests",
"metadata": {
"displayName": "Users and groups that are denied logging on as a service",
"description": "Specifies which service accounts are explicitly not permitted to register a process as a service."
}
},
"UsersAndGroupsThatAreDeniedLocalLogon-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Guests",
"metadata": {
"displayName": "Users and groups that are denied local logon",
"description": "Specifies which users and groups are explicitly not permitted to log on to the computer."
}
},
"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Guests",
"metadata": {
"displayName": "Users and groups that are denied log on through Remote Desktop Services",
"description": "Specifies which users and groups are explicitly not permitted to log on to the computer via Terminal Services/Remote Desktop Client."
}
},
"UserAndGroupsThatMayForceShutdownFromARemoteSystem-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Administrators",
"metadata": {
"displayName": "User and groups that may force shutdown from a remote system",
"description": "Specifies which users and groups are permitted to shut down the computer from a remote location on the network."
}
},
"UsersAndGroupsThatMayRestoreFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Administrators, Backup Operators",
"metadata": {
"displayName": "Users and groups that may restore files and directories",
"description": "Specifies which users and groups are permitted to bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories."
}
},
"UsersAndGroupsThatMayShutDownTheSystem-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Administrators",
"metadata": {
"displayName": "Users and groups that may shut down the system",
"description": "Specifies which users and groups who are logged on locally to the computers in your environment are permitted to shut down the operating system with the Shut Down command."
}
},
"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "Administrators",
"metadata": {
"displayName": "Users or groups that may take ownership of files or other objects",
"description": "Specifies which users and groups are permitted to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user."
}
},
"effect-e068b215-0026-4354-b347-8fb2766f73a2": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-97566dd7-78ae-4997-8b36-1c7bfe0d8121": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-c0e996f8-39cf-4af9-9f45-83fbde810432": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432": {
"type": "Array",
"metadata": {
"description": "The list of approved extension types that can be installed. Example: AzureDiskEncryption",
"displayName": "Approved extensions"
}
},
"effect-d416745a-506c-48b6-8ab1-83cb814bcaa3": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"virtualNetworkId-d416745a-506c-48b6-8ab1-83cb814bcaa3": {
"type": "string",
"metadata": {
"displayName": "Virtual network Id",
"description": "Resource Id of the virtual network. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroupName/providers/Microsoft.Network/virtualNetworks/Name"
}
},
"effect-6581d072-105e-4418-827f-bd446d56421b": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-c9d007d0-c057-4772-b18c-01e546713bcd": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-2a7a701e-dff3-4da9-9ec5-42cb98594c0b": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"AuditAuthenticationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b": {
"type": "string",
"defaultValue": "Success",
"allowedValues": [
"No Auditing",
"Success",
"Failure",
"Success and Failure"
],
"metadata": {
"displayName": "Audit Authentication Policy Change",
"description": "Specifies whether audit events are generated when changes are made to authentication policy. This setting is useful for tracking changes in domain-level and forest-level trust and privileges that are granted to user accounts or groups."
}
},
"AuditAuthorizationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b": {
"type": "string",
"defaultValue": "No Auditing",
"allowedValues": [
"No Auditing",
"Success",
"Failure",
"Success and Failure"
],
"metadata": {
"displayName": "Audit Authorization Policy Change",
"description": "Specifies whether audit events are generated for assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects."
}
},
"effect-2a7a701e-dff3-4da9-9ec5-42cb98594c0b": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-492a29ed-d143-4f03-b6a4-705ce081b463": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"UACAdminApprovalModeForTheBuiltinAdministratorAccount-492a29ed-d143-4f03-b6a4-705ce081b463": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "UAC: Admin Approval Mode for the Built-in Administrator account",
"description": "Specifies the behavior of Admin Approval Mode for the built-in Administrator account."
}
},
"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463": {
"type": "string",
"defaultValue": "2",
"metadata": {
"displayName": "UAC: Behavior of the elevation prompt for administrators in Admin Approval Mode",
"description": "Specifies the behavior of the elevation prompt for administrators."
}
},
"UACDetectApplicationInstallationsAndPromptForElevation-492a29ed-d143-4f03-b6a4-705ce081b463": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "UAC: Detect application installations and prompt for elevation",
"description": "Specifies the behavior of application installation detection for the computer."
}
},
"UACRunAllAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "UAC: Run all administrators in Admin Approval Mode",
"description": "Specifies the behavior of all User Account Control (UAC) policy settings for the computer."
}
},
"effect-492a29ed-d143-4f03-b6a4-705ce081b463": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"WindowsFirewallDomainUseProfileSettings-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall (Domain): Use profile settings",
"description": "Specifies whether Windows Firewall with Advanced Security uses the settings for the Domain profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
}
},
"WindowsFirewallDomainBehaviorForOutboundConnections-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "0",
"metadata": {
"displayName": "Windows Firewall (Domain): Behavior for outbound connections",
"description": "Specifies the behavior for outbound connections for the Domain profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
}
},
"WindowsFirewallDomainApplyLocalConnectionSecurityRules-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall (Domain): Apply local connection security rules",
"description": "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Domain profile."
}
},
"WindowsFirewallDomainApplyLocalFirewallRules-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall (Domain): Apply local firewall rules",
"description": "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Domain profile."
}
},
"WindowsFirewallDomainDisplayNotifications-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall (Domain): Display notifications",
"description": "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Domain profile."
}
},
"WindowsFirewallPrivateUseProfileSettings-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall (Private): Use profile settings",
"description": "Specifies whether Windows Firewall with Advanced Security uses the settings for the Private profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
}
},
"WindowsFirewallPrivateBehaviorForOutboundConnections-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "0",
"metadata": {
"displayName": "Windows Firewall (Private): Behavior for outbound connections",
"description": "Specifies the behavior for outbound connections for the Private profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
}
},
"WindowsFirewallPrivateApplyLocalConnectionSecurityRules-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall (Private): Apply local connection security rules",
"description": "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Private profile."
}
},
"WindowsFirewallPrivateApplyLocalFirewallRules-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall (Private): Apply local firewall rules",
"description": "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Private profile."
}
},
"WindowsFirewallPrivateDisplayNotifications-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall (Private): Display notifications",
"description": "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Private profile."
}
},
"WindowsFirewallPublicUseProfileSettings-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall (Public): Use profile settings",
"description": "Specifies whether Windows Firewall with Advanced Security uses the settings for the Public profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
}
},
"WindowsFirewallPublicBehaviorForOutboundConnections-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "0",
"metadata": {
"displayName": "Windows Firewall (Public): Behavior for outbound connections",
"description": "Specifies the behavior for outbound connections for the Public profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
}
},
"WindowsFirewallPublicApplyLocalConnectionSecurityRules-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall (Public): Apply local connection security rules",
"description": "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Public profile."
}
},
"WindowsFirewallPublicApplyLocalFirewallRules-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall (Public): Apply local firewall rules",
"description": "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Public profile."
}
},
"WindowsFirewallPublicDisplayNotifications-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall (Public): Display notifications",
"description": "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Public profile."
}
},
"WindowsFirewallDomainAllowUnicastResponse-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "0",
"metadata": {
"displayName": "Windows Firewall: Domain: Allow unicast response",
"description": "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Domain profile."
}
},
"WindowsFirewallPrivateAllowUnicastResponse-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "0",
"metadata": {
"displayName": "Windows Firewall: Private: Allow unicast response",
"description": "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Private profile."
}
},
"WindowsFirewallPublicAllowUnicastResponse-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Windows Firewall: Public: Allow unicast response",
"description": "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile."
}
},
"effect-35d9882c-993d-44e6-87d2-db66ce21b636": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-d38fc420-0735-4ef3-ac11-c806f651a570": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-ebb67efd-3c46-49b0-adfe-5599eb944998": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"installedApplication-ebb67efd-3c46-49b0-adfe-5599eb944998": {
"type": "string",
"metadata": {
"displayName": "Application names (supports wildcards)",
"description": "A semicolon-separated list of the names of the applications that should be installed. e.g. 'Microsoft SQL Server 2014 (64-bit); Microsoft Visual Studio Code' or 'Microsoft SQL Server 2014*' (to match any application starting with 'Microsoft SQL Server 2014')"
}
},
"effect-c9299215-ae47-4f50-9c54-8a392f68a052": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-60d21c4f-21a3-4d94-85f4-b924e6aeeda4": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-f1776c76-f58c-4245-a8d0-2b207198dc8b": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"virtualNetworkGatewayId-f1776c76-f58c-4245-a8d0-2b207198dc8b": {
"type": "string",
"metadata": {
"displayName": "Virtual network gateway Id",
"description": "Resource Id of the virtual network gateway. Example: /subscriptions/YourSubscriptionId/resourceGroups/YourResourceGroup/providers/Microsoft.Network/virtualNetworkGateways/Name"
}
},
"effect-11e3da8c-1d68-4392-badd-0ff3c43ab5b0": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-7698e800-9299-47a6-b3b6-5a0fee576eed": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4": {
"type": "String",
"defaultValue": "365",
"metadata": {
"displayName": "Required retention (days)",
"description": "The required resource logs retention in days"
}
},
"effect-fc26e2fd-3149-74b4-5988-d64bb90f8ef7": {
"type": "String",
"defaultValue": "Manual",
"allowedValues": [
"Manual",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-adbe85b5-83e6-4350-ab58-bf3a4f736e5e": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-c39ba22d-4428-4149-b981-70acb31fc383": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"source-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8": {
"type": "String",
"defaultValue": "Original",
"allowedValues": [
"All",
"Generated",
"Original"
],
"metadata": {
"displayName": "Source",
"description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
}
},
"warn-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8": {
"type": "Boolean",
"defaultValue": false,
"metadata": {
"displayName": "Warn",
"description": "Whether or not to return warnings back to the user in the kubectl cli"
}
},
"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"excludedNamespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8": {
"type": "Array",
"defaultValue": [
"kube-system",
"gatekeeper-system",
"azure-arc",
"azure-extensions-usage-system"
],
"metadata": {
"displayName": "Namespace exclusions",
"description": "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces \"kube-system\", \"gatekeeper-system\" and \"azure-arc\" are always excluded by design. \"azure-extensions-usage-system\" is optional to remove."
}
},
"namespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Namespace inclusions",
"description": "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
}
},
"labelSelector-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8": {
"type": "object",
"defaultValue": {},
"metadata": {
"displayName": "Kubernetes label selector",
"description": "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
}
},
"excludedImages-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Image exclusions",
"description": "The list of InitContainers and Containers to exclude from policy evaluation. The identifier is the image of container. Prefix-matching can be signified with `*`. For example: `myregistry.azurecr.io/istio:*`. It is recommended that users use the fully-qualified Docker image name (e.g. start with a domain name) in order to avoid unexpectedly exempting images from an untrusted repository.",
"portalReview": true
}
},
"listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9": {
"type": "Array",
"metadata": {
"displayName": "Resource Types",
"strongType": "resourceTypes"
}
},
"logsEnabled-7f89b1eb-583c-429a-8828-af049802c1d9": {
"type": "Boolean",
"defaultValue": true,
"allowedValues": [
true,
false
],
"metadata": {
"displayName": "Logs Enabled"
}
},
"metricsEnabled-7f89b1eb-583c-429a-8828-af049802c1d9": {
"type": "Boolean",
"defaultValue": true,
"allowedValues": [
true,
false
],
"metadata": {
"displayName": "Metrics Enabled"
}
},
"effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"operationName-c5447c04-a4d7-4ba8-a263-c9ee321a6858": {
"type": "String",
"allowedValues": [
"Microsoft.Authorization/policyAssignments/write",
"Microsoft.Authorization/policyAssignments/delete"
],
"metadata": {
"displayName": "Operation Name",
"description": "Policy Operation name for which activity log alert should exist"
}
},
"effect-1c30f9cd-b84c-49cc-aa2c-9288447cc3b3": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-1cb4d9c2-f88f-4069-bee0-dba239a57b09": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-f2143251-70de-4e81-87a8-36cee5a2f29d": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"EnforcePasswordHistory-f2143251-70de-4e81-87a8-36cee5a2f29d": {
"type": "string",
"defaultValue": "24",
"metadata": {
"displayName": "Enforce password history",
"description": "Specifies limits on password reuse - how many times a new password must be created for a user account before the password can be repeated."
}
},
"MaximumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d": {
"type": "string",
"defaultValue": "1,70",
"metadata": {
"displayName": "Maximum password age",
"description": "Specifies the maximum number of days that may elapse before a user account password must be changed. The format of the value is two integers separated by a comma, denoting an inclusive range."
}
},
"MinimumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Minimum password age",
"description": "Specifies the minimum number of days that must elapse before a user account password can be changed."
}
},
"MinimumPasswordLength-f2143251-70de-4e81-87a8-36cee5a2f29d": {
"type": "string",
"defaultValue": "14",
"metadata": {
"displayName": "Minimum password length",
"description": "Specifies the minimum number of characters that a user account password may contain."
}
},
"PasswordMustMeetComplexityRequirements-f2143251-70de-4e81-87a8-36cee5a2f29d": {
"type": "string",
"defaultValue": "1",
"metadata": {
"displayName": "Password must meet complexity requirements",
"description": "Specifies whether a user account password must be complex. If required, a complex password must not contain part of user's account name or full name; be at least 6 characters long; contain a mix of uppercase, lowercase, number, and non-alphabetic characters."
}
},
"effect-f2143251-70de-4e81-87a8-36cee5a2f29d": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-cf820ca0-f99e-4f3e-84fb-66e913812d21": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"requiredRetentionDays-cf820ca0-f99e-4f3e-84fb-66e913812d21": {
"type": "String",
"defaultValue": "365",
"metadata": {
"displayName": "Required retention (days)",
"description": "The required resource logs retention in days"
}
},
"effect-146412e9-005c-472b-9e48-c87b72ac229e": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-72650e9f-97bc-4b2a-ab5f-9781a9fcecbc": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"effect-72650e9f-97bc-4b2a-ab5f-9781a9fcecbc": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-32e6bbec-16b6-44c2-be37-c5b672d103cf": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled",
"Deny"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-bd876905-5b84-4f73-ab2d-2e7a7c4568d9": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-34f95f76-5386-4de7-b824-0d8478470c9d": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"requiredRetentionDays-34f95f76-5386-4de7-b824-0d8478470c9d": {
"type": "String",
"defaultValue": "365",
"metadata": {
"displayName": "Required retention (days)",
"description": "The required resource logs retention in days"
}
},
"effect-8ac833bd-f505-48d5-887e-c993a1d3eea0": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9": {
"type": "String",
"defaultValue": "enabled",
"allowedValues": [
"enabled",
"disabled"
],
"metadata": {
"displayName": "Desired Auditing setting"
}
},
"effect-ac01ad65-10e5-46df-bdd9-6b0cad13e1d2": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-e15effd4-2278-4c65-a0da-4d6f6d1890e2": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Deny",
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-7926a6d1-b268-4586-8197-e8ae90c877d7": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"minimumRSAKeySize-82067dbb-e53b-4e06-b631-546d197452d9": {
"type": "Integer",
"allowedValues": [
2048,
3072,
4096
],
"metadata": {
"displayName": "Minimum RSA key size",
"description": "The minimum key size for RSA keys."
}
},
"effect-82067dbb-e53b-4e06-b631-546d197452d9": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-a8793640-60f7-487c-b5c3-1d37215905c4": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-58383b73-94a9-4414-b382-4146eb02611b": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"AuditProcessTermination-58383b73-94a9-4414-b382-4146eb02611b": {
"type": "string",
"defaultValue": "No Auditing",
"allowedValues": [
"No Auditing",
"Success",
"Failure",
"Success and Failure"
],
"metadata": {
"displayName": "Audit Process Termination",
"description": "Specifies whether audit events are generated when a process has exited. Recommended for monitoring termination of critical processes."
}
},
"effect-58383b73-94a9-4414-b382-4146eb02611b": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Optional: List of virtual machine images that have supported Windows OS to add to scope",
"description": "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
}
},
"listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Optional: List of virtual machine images that have supported Linux OS to add to scope",
"description": "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
}
},
"effect-32133ab0-ee4b-4b44-98d6-042180979d50": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-0a370ff3-6cab-4e85-8995-295fd854c5b8": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-d63edb4a-c612-454d-b47d-191a724fcbf0": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-9dfea752-dd46-4766-aed1-c355fa93fb91": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-ca88aadc-6e2b-416c-9de2-5a0f01d1693f": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-9b597639-28e4-48eb-b506-56b05d366257": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-438c38d2-3772-465a-a9cc-7a6666a275ce": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-a21f8c92-9e22-4f09-b759-50500d1d2dda": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-d2e7ea85-6b44-4317-a0be-1b951587f626": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"excludedNamespaces-d2e7ea85-6b44-4317-a0be-1b951587f626": {
"type": "Array",
"defaultValue": [
"kube-system",
"gatekeeper-system",
"azure-arc",
"azure-extensions-usage-system"
],
"metadata": {
"displayName": "Namespace exclusions",
"description": "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces \"kube-system\", \"gatekeeper-system\" and \"azure-arc\" are always excluded by design. \"azure-extensions-usage-system\" is optional to remove."
}
},
"namespaces-d2e7ea85-6b44-4317-a0be-1b951587f626": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Namespace inclusions",
"description": "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
}
},
"labelSelector-d2e7ea85-6b44-4317-a0be-1b951587f626": {
"type": "object",
"defaultValue": {},
"metadata": {
"displayName": "Kubernetes label selector",
"description": "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
}
},
"excludedContainers-d2e7ea85-6b44-4317-a0be-1b951587f626": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Containers exclusions",
"description": "The list of InitContainers and Containers to exclude from policy evaluation. The identify is the name of container. Use an empty list to apply this policy to all containers in all namespaces."
}
},
"excludedImages-d2e7ea85-6b44-4317-a0be-1b951587f626": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Image exclusions",
"description": "The list of InitContainers and Containers to exclude from policy evaluation. The identifier is the image of container. Prefix-matching can be signified with `*`. For example: `myregistry.azurecr.io/istio:*`. It is recommended that users use the fully-qualified Docker image name (e.g. start with a domain name) in order to avoid unexpectedly exempting images from an untrusted repository.",
"portalReview": true
}
},
"effect-057ef27e-665e-4328-8ea3-04b3122bd9fb": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"requiredRetentionDays-057ef27e-665e-4328-8ea3-04b3122bd9fb": {
"type": "String",
"defaultValue": "365",
"metadata": {
"displayName": "Required retention (days)",
"description": "The required resource logs retention in days"
}
},
"subnetId-77e8b146-0078-4fb2-b002-e112381199f0": {
"type": "string",
"metadata": {
"displayName": "Subnet ID",
"strongType": "Microsoft.Network/virtualNetworks/subnets",
"description": "The resource ID of the virtual network subnet that should have a rule enabled. Example: /subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/testsubnet"
}
},
"effect-d31e5c31-63b2-4f12-887b-e49456834fa1": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-0e6763cc-5078-4e64-889d-ff4d9a839047": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-b4dec045-250a-48c2-b5cc-e0c4eec8b5b4": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-b52376f7-9612-48a1-81cd-1ffe4b61032c": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-12430be1-6cc8-4527-a9a8-e3d38f250096": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096": {
"type": "String",
"defaultValue": "Detection",
"allowedValues": [
"Prevention",
"Detection"
],
"metadata": {
"displayName": "Mode Requirement",
"description": "Mode required for all WAF policies"
}
},
"effect-0a9fbe0d-c5c4-4da8-87d8-f4fd77338835": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-7bdb79ea-16b8-453e-4ca4-ad5b16012414": {
"type": "String",
"defaultValue": "Manual",
"allowedValues": [
"Manual",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-549814b6-3212-4203-bdc8-1548d342fb67": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"maximumDaysToRotate-d8cf8476-a2ec-4916-896e-992351803c44": {
"type": "Integer",
"metadata": {
"displayName": "The maximum days to rotate",
"description": "The maximum number of days after key creation until it must be rotated."
}
},
"effect-d8cf8476-a2ec-4916-896e-992351803c44": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-b02aacc0-b073-424e-8298-42b22829ee0a": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-245fc9df-fa96-4414-9a0b-3738c2f7341c": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"requiredRetentionDays-245fc9df-fa96-4414-9a0b-3738c2f7341c": {
"type": "String",
"defaultValue": "365",
"metadata": {
"displayName": "Required retention (days)",
"description": "The required resource logs retention (in days)"
}
},
"effect-af99038c-02fd-4a2f-ac24-386b62bf32de": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-22730e10-96f6-4aac-ad84-9383d35b5917": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-044985bb-afe1-42cd-8a36-9d5d42424537": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-ea4d6841-2173-4317-9747-ff522a45120f": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-d38668f5-d155-42c7-ab3d-9b57b50f8fbf": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-abda6d70-9778-44e7-84a8-06713e6db027": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-090c7b07-b4ed-4561-ad20-e9075f3ccaff": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Optional: List of virtual machine images that have supported Windows OS to add to scope",
"description": "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
}
},
"listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Optional: List of virtual machine images that have supported Linux OS to add to scope",
"description": "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
}
},
"effect-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15": {
"type": "string",
"defaultValue": "Disabled",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects",
"deprecated": true
}
},
"effect-0564d078-92f5-4f97-8398-b9f58a51f70b": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-17f4b1cc-c55c-4d94-b1f9-2978f6ac2957": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"requiredRetentionDays-c95c74d9-38fe-4f0d-af86-0c7d626a315c": {
"type": "String",
"defaultValue": "365",
"metadata": {
"displayName": "Required retention (days)",
"description": "The required resource logs retention in days"
}
},
"effect-0a1302fb-a631-4106-9753-f3d494733990": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-b954148f-4c11-4c38-8221-be76711e194a": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"operationName-b954148f-4c11-4c38-8221-be76711e194a": {
"type": "String",
"allowedValues": [
"Microsoft.Sql/servers/firewallRules/write",
"Microsoft.Sql/servers/firewallRules/delete",
"Microsoft.Network/networkSecurityGroups/write",
"Microsoft.Network/networkSecurityGroups/delete",
"Microsoft.ClassicNetwork/networkSecurityGroups/write",
"Microsoft.ClassicNetwork/networkSecurityGroups/delete",
"Microsoft.Network/networkSecurityGroups/securityRules/write",
"Microsoft.Network/networkSecurityGroups/securityRules/delete",
"Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write",
"Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/delete"
],
"metadata": {
"displayName": "Operation Name",
"description": "Administrative Operation name for which activity log alert should be configured"
}
},
"IncludeArcMachines-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"NetworkAccessRemotelyAccessibleRegistryPaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd": {
"type": "string",
"defaultValue": "System\\CurrentControlSet\\Control\\ProductOptions|#|System\\CurrentControlSet\\Control\\Server Applications|#|Software\\Microsoft\\Windows NT\\CurrentVersion",
"metadata": {
"displayName": "Network access: Remotely accessible registry paths",
"description": "Specifies which registry paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key."
}
},
"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd": {
"type": "string",
"defaultValue": "System\\CurrentControlSet\\Control\\Print\\Printers|#|System\\CurrentControlSet\\Services\\Eventlog|#|Software\\Microsoft\\OLAP Server|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows|#|System\\CurrentControlSet\\Control\\ContentIndex|#|System\\CurrentControlSet\\Control\\Terminal Server|#|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|#|System\\CurrentControlSet\\Control\\Terminal Server\\DefaultUserConfiguration|#|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|#|System\\CurrentControlSet\\Services\\SysmonLog",
"metadata": {
"displayName": "Network access: Remotely accessible registry paths and sub-paths",
"description": "Specifies which registry paths and sub-paths will be accessible over the network, regardless of the users or groups listed in the access control list (ACL) of the `winreg` registry key."
}
},
"NetworkAccessSharesThatCanBeAccessedAnonymously-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd": {
"type": "string",
"defaultValue": "0",
"metadata": {
"displayName": "Network access: Shares that can be accessed anonymously",
"description": "Specifies which network shares can be accessed by anonymous users. The default configuration for this policy setting has little effect because all users have to be authenticated before they can access shared resources on the server."
}
},
"effect-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-0fea8f8a-4169-495d-8307-30ec335f387d": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effects-f110a506-2dcb-422e-bcea-d533fc8c35e2": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "The effect determines what happens when the policy rule is evaluated to match."
}
},
"effect-bfecdea6-31c4-4045-ad42-71b9dc87247d": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-19dd1db6-f442-49cf-a838-b0786b4401ef": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-d9844e8a-1437-4aeb-a32c-0c992f056095": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-ee984370-154a-4ee8-9726-19d900e56fc0": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"AccountsGuestAccountStatus-ee984370-154a-4ee8-9726-19d900e56fc0": {
"type": "string",
"defaultValue": "0",
"metadata": {
"displayName": "Accounts: Guest account status",
"description": "Specifies whether the local Guest account is disabled."
}
},
"effect-ee984370-154a-4ee8-9726-19d900e56fc0": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-1f90fc71-a595-4066-8974-d4d0802e8ef0": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-f85bf3e0-d513-442e-89c3-1784ad63382b": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-78215662-041e-49ed-a9dd-5385911b3a1f": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-df73bd95-24da-4a4f-96b9-4e8b94b402bd": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"endpointType-df73bd95-24da-4a4f-96b9-4e8b94b402bd": {
"type": "String",
"defaultValue": "Management",
"allowedValues": [
"Management",
"Git",
"Gateway Configuration"
],
"metadata": {
"displayName": "Public Endpoint Type",
"description": "Public Endpoint Type for which to enforce the access check"
}
},
"effect-d550e854-df1a-4de9-bf44-cd894b39a95e": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-1dc2fc00-2245-4143-99f4-874c937f13ef": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-051cba44-2429-45b9-9649-46cec11c7119": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-e71308d3-144b-4262-b144-efdc3cc90517": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": {
"type": "string",
"defaultValue": "false",
"allowedValues": [
"true",
"false"
],
"metadata": {
"displayName": "Include Arc connected servers",
"description": "By selecting this option, you agree to be charged monthly per Arc connected machine.",
"portalReview": "true"
}
},
"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": {
"type": "string",
"metadata": {
"displayName": "Members to include",
"description": "A semicolon-separated list of members that should be included in the Administrators local group. Ex: Administrator; myUser1; myUser2"
}
},
"effect-5d4e3c65-4873-47be-94f3-6f8b953a3598": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"source-098fc59e-46c7-4d99-9b16-64990e543d75": {
"type": "String",
"defaultValue": "Original",
"allowedValues": [
"All",
"Generated",
"Original"
],
"metadata": {
"displayName": "Source",
"description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
}
},
"warn-098fc59e-46c7-4d99-9b16-64990e543d75": {
"type": "Boolean",
"defaultValue": false,
"metadata": {
"displayName": "Warn",
"description": "Whether or not to return warnings back to the user in the kubectl cli"
}
},
"effect-098fc59e-46c7-4d99-9b16-64990e543d75": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"excludedNamespaces-098fc59e-46c7-4d99-9b16-64990e543d75": {
"type": "Array",
"defaultValue": [
"kube-system",
"gatekeeper-system",
"azure-arc",
"azure-extensions-usage-system"
],
"metadata": {
"displayName": "Namespace exclusions",
"description": "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces \"kube-system\", \"gatekeeper-system\" and \"azure-arc\" are always excluded by design. \"azure-extensions-usage-system\" is optional to remove."
}
},
"namespaces-098fc59e-46c7-4d99-9b16-64990e543d75": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Namespace inclusions",
"description": "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
}
},
"labelSelector-098fc59e-46c7-4d99-9b16-64990e543d75": {
"type": "object",
"defaultValue": {},
"metadata": {
"displayName": "Kubernetes label selector",
"description": "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
}
},
"allowedHostPaths-098fc59e-46c7-4d99-9b16-64990e543d75": {
"type": "Object",
"defaultValue": {
"paths": []
},
"metadata": {
"displayName": "Allowed host paths",
"description": "The host paths allowed for pod hostPath volumes to use. Provide an empty paths list to block all host paths.",
"portalReview": true
}
},
"excludedContainers-098fc59e-46c7-4d99-9b16-64990e543d75": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Containers exclusions",
"description": "The list of InitContainers and Containers to exclude from readonly evaluation. It will not exclude the disallowed host path. The identify is the name of container. Use an empty list to apply this policy to all containers in all namespaces."
}
},
"excludedImages-098fc59e-46c7-4d99-9b16-64990e543d75": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Image exclusions",
"description": "The list of InitContainers and Containers to exclude from policy evaluation. The identifier is the image of container. Prefix-matching can be signified with `*`. For example: `myregistry.azurecr.io/istio:*`. It is recommended that users use the fully-qualified Docker image name (e.g. start with a domain name) in order to avoid unexpectedly exempting images from an untrusted repository.",
"portalReview": true
}
},
"effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"requiredRetentionDays-f9be5368-9bf5-4b84-9e0a-7850da98bb46": {
"type": "String",
"defaultValue": "365",
"metadata": {
"displayName": "Required retention (days)",
"description": "The required resource logs retention in days"
}
},
"effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"requiredRetentionDays-f8d36e2f-389b-4ee4-898d-21aeb69a0f45": {
"type": "String",
"defaultValue": "365",
"metadata": {
"displayName": "Required retention (days)",
"description": "The required resource logs retention in days"
}
},
"effect-013e242c-8828-4970-87b3-ab247555486d": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-6c53d030-cc64-46f0-906d-2bc061cd1334": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-8405fdab-1faf-48aa-b702-999c9c172094": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-b5ec538c-daa0-4006-8596-35468b9148e8": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-21a6bc25-125e-4d13-b82d-2e19b7208ab7": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-6ba6d016-e7c3-4842-b8f2-4992ebc0d72d": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-1bc02227-0cb6-4e11-8f53-eb0b22eab7e8": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"maximumValidityInMonths-0a075868-4c26-42ef-914c-5bc007359560": {
"type": "Integer",
"defaultValue": 12,
"metadata": {
"displayName": "The maximum validity in months",
"description": "The limit to how long a certificate may be valid for. Certificates with lengthy validity periods aren't best practice."
}
},
"effect-0a075868-4c26-42ef-914c-5bc007359560": {
"type": "string",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-56fd377d-098c-4f02-8406-81eb055902b8": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"listOfImageIdToInclude_windows-e2dd799a-a932-4e9d-ac17-d473bc3c6c10": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Optional: List of virtual machine images that have supported Windows OS to add to scope",
"description": "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
}
},
"listOfImageIdToInclude_linux-e2dd799a-a932-4e9d-ac17-d473bc3c6c10": {
"type": "Array",
"defaultValue": [],
"metadata": {
"displayName": "Optional: List of virtual machine images that have supported Linux OS to add to scope",
"description": "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'"
}
},
"effect-e2dd799a-a932-4e9d-ac17-d473bc3c6c10": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"effect-deeddb44-9f94-4903-9fa0-081d524406e3": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"source-9f061a12-e40d-4183-a00e-171812443373": {
"type": "String",
"defaultValue": "Original",
"allowedValues": [
"All",
"Generated",
"Original"
],
"metadata": {
"displayName": "Source",
"description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
}
},
"warn-9f061a12-e40d-4183-a00e-171812443373": {
"type": "Boolean",
"defaultValue": false,
"metadata": {
"displayName": "Warn",
"description": "Whether or not to return warnings back to the user in the kubectl cli"
}
},
"effect-9f061a12-e40d-4183-a00e-171812443373": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: An activity log alert should exist for specific Administrative operations (Microsoft.ClassicNetwork/networkSecurityGroups/securityRules/write)",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
}
},
"excludedNamespaces-9f061a12-e40d-4183-a00e-171812443373": {
"type": "Array",
"defaultValue": [
"kube-system",
"gatekeeper-system",
"azure-arc",
"azure-extensions-usage-system"
],
"metadata": {
"displayName": "Namespace exclusions",
"description": "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces \"kube-system\", \"gatekeeper-system\" and \"azure-arc\" are always excluded by design. \"azure-extensions-usage-system\" is optional to remove."
}
},
"namespaces-9f061a12-e40d-4183-a00e-171812443373": {
"type": "Array",
"defaultValue": [
"default"
],
"metadata": {
"displayName": "Namespace inclusions",
"description": "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces."
}
},
"labelSelector-9f061a12-e40d-4183-a00e-171812443373": {
"type": "object",
"defaultValue": {},
"metadata": {
"displayName": "Kubernetes label selector",
"description": "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources."
}
}
},
"policyDefinitions": [
{
"policyDefinitionReferenceId": "81e74cea-30fd-40d5-802f-d72103c2aaaa",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/81e74cea-30fd-40d5-802f-d72103c2aaaa",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_17",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-81e74cea-30fd-40d5-802f-d72103c2aaaa')]"
}
}
},
{
"policyDefinitionReferenceId": "f655e522-adff-494d-95c2-52d4f6d56a42",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f655e522-adff-494d-95c2-52d4f6d56a42",
"definitionVersion": "3.*.*-preview",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_17",
"CSA_v4.0.12_UEM_08",
"CSA_v4.0.12_IVS_07",
"CSA_v4.0.12_TVM_07"
],
"parameters": {
"effect": {
"value": "[parameters('effect-f655e522-adff-494d-95c2-52d4f6d56a42')]"
}
}
},
{
"policyDefinitionReferenceId": "ea53dbee-c6c9-4f0e-9f9e-de0039b78023",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_11"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-ea53dbee-c6c9-4f0e-9f9e-de0039b78023')]"
},
"effect": {
"value": "[parameters('effect-ea53dbee-c6c9-4f0e-9f9e-de0039b78023')]"
}
}
},
{
"policyDefinitionReferenceId": "3b980d31-7904-4bb7-8575-5665739a8052",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3b980d31-7904-4bb7-8575-5665739a8052",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_LOG_07"
],
"parameters": {
"effect": {
"value": "[parameters('effect-3b980d31-7904-4bb7-8575-5665739a8052')]"
},
"operationName": {
"value": "[parameters('operationName-3b980d31-7904-4bb7-8575-5665739a8052')]"
}
}
},
{
"policyDefinitionReferenceId": "c251913d-7d24-4958-af87-478ed3b9ba41",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-c251913d-7d24-4958-af87-478ed3b9ba41')]"
}
}
},
{
"policyDefinitionReferenceId": "47031206-ce96-41f8-861b-6a915f3de284",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47031206-ce96-41f8-861b-6a915f3de284",
"definitionVersion": "1.*.*-preview",
"groupNames": [
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_08",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_21",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-47031206-ce96-41f8-861b-6a915f3de284')]"
}
}
},
{
"policyDefinitionReferenceId": "a1817ec0-a368-432a-8057-8371e17ac6ee",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-a1817ec0-a368-432a-8057-8371e17ac6ee')]"
}
}
},
{
"policyDefinitionReferenceId": "2913021d-f2fd-4f3d-b958-22354e2bdbcb",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-2913021d-f2fd-4f3d-b958-22354e2bdbcb')]"
}
}
},
{
"policyDefinitionReferenceId": "0a15ec92-a229-4763-bb14-0ea34a568f8d",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0a15ec92-a229-4763-bb14-0ea34a568f8d')]"
}
}
},
{
"policyDefinitionReferenceId": "0e60b895-3786-45da-8377-9c6b4b6ac5f9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e60b895-3786-45da-8377-9c6b4b6ac5f9",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9')]"
}
}
},
{
"policyDefinitionReferenceId": "a2a5b911-5617-447e-a49e-59dbe0e0434b",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-a2a5b911-5617-447e-a49e-59dbe0e0434b')]"
},
"requiredRetentionDays": {
"value": "[parameters('requiredRetentionDays-a2a5b911-5617-447e-a49e-59dbe0e0434b')]"
}
}
},
{
"policyDefinitionReferenceId": "7804b5c7-01dc-4723-969b-ae300cc07ff1",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7804b5c7-01dc-4723-969b-ae300cc07ff1",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-7804b5c7-01dc-4723-969b-ae300cc07ff1')]"
}
}
},
{
"policyDefinitionReferenceId": "055aa869-bc98-4af8-bafc-23f1ab6ffe2c",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IVS_03"
],
"parameters": {
"effect": {
"value": "[parameters('effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c')]"
}
}
},
{
"policyDefinitionReferenceId": "a1181c5f-672a-477a-979a-7d58aa086233",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-a1181c5f-672a-477a-979a-7d58aa086233')]"
}
}
},
{
"policyDefinitionReferenceId": "3e596b57-105f-48a6-be97-03e9243bad6e",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3e596b57-105f-48a6-be97-03e9243bad6e",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11",
"CSA_v4.0.12_LOG_05",
"CSA_v4.0.12_LOG_13",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-3e596b57-105f-48a6-be97-03e9243bad6e')]"
}
}
},
{
"policyDefinitionReferenceId": "3dc5edcd-002d-444c-b216-e123bbfa37c0",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3dc5edcd-002d-444c-b216-e123bbfa37c0",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_17",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-3dc5edcd-002d-444c-b216-e123bbfa37c0')]"
}
}
},
{
"policyDefinitionReferenceId": "8af8f826-edcb-4178-b35f-851ea6fea615",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8af8f826-edcb-4178-b35f-851ea6fea615",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-8af8f826-edcb-4178-b35f-851ea6fea615')]"
}
}
},
{
"policyDefinitionReferenceId": "501541f7-f7e7-4cd6-868c-4190fdad3ac9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-501541f7-f7e7-4cd6-868c-4190fdad3ac9')]"
}
}
},
{
"policyDefinitionReferenceId": "c26596ff-4d70-4e6a-9a30-c2506bd2f80c",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c26596ff-4d70-4e6a-9a30-c2506bd2f80c",
"definitionVersion": "6.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12"
],
"parameters": {
"source": {
"value": "[parameters('source-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
},
"warn": {
"value": "[parameters('warn-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
},
"effect": {
"value": "[parameters('effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
},
"excludedNamespaces": {
"value": "[parameters('excludedNamespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
},
"namespaces": {
"value": "[parameters('namespaces-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
},
"labelSelector": {
"value": "[parameters('labelSelector-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
},
"allowedCapabilities": {
"value": "[parameters('allowedCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
},
"requiredDropCapabilities": {
"value": "[parameters('requiredDropCapabilities-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
},
"excludedContainers": {
"value": "[parameters('excludedContainers-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
},
"excludedImages": {
"value": "[parameters('excludedImages-c26596ff-4d70-4e6a-9a30-c2506bd2f80c')]"
}
}
},
{
"policyDefinitionReferenceId": "7ff426e2-515f-405a-91c8-4f2333442eb5",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7ff426e2-515f-405a-91c8-4f2333442eb5",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07"
],
"parameters": {
"effect": {
"value": "[parameters('effect-7ff426e2-515f-405a-91c8-4f2333442eb5')]"
}
}
},
{
"policyDefinitionReferenceId": "98728c90-32c7-4049-8429-847dc0f4fe37",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CEK_05",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_11",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_04",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_13",
"CSA_v4.0.12_CEK_14"
],
"parameters": {
"effect": {
"value": "[parameters('effect-98728c90-32c7-4049-8429-847dc0f4fe37')]"
}
}
},
{
"policyDefinitionReferenceId": "5450f5bd-9c72-4390-a9c4-a7aba4edfdd2",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11",
"CSA_v4.0.12_IAM_11",
"CSA_v4.0.12_IAM_03"
],
"parameters": {
"effect": {
"value": "[parameters('effect-5450f5bd-9c72-4390-a9c4-a7aba4edfdd2')]"
}
}
},
{
"policyDefinitionReferenceId": "33936777-f2ac-45aa-82ec-07958ec9ade4",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/33936777-f2ac-45aa-82ec-07958ec9ade4",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11",
"CSA_v4.0.12_LOG_13",
"CSA_v4.0.12_LOG_05"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-33936777-f2ac-45aa-82ec-07958ec9ade4')]"
},
"AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits": {
"value": "[parameters('AuditShutDownSystemImmediatelyIfUnableToLogSecurityAudits-33936777-f2ac-45aa-82ec-07958ec9ade4')]"
},
"effect": {
"value": "[parameters('effect-33936777-f2ac-45aa-82ec-07958ec9ade4')]"
}
}
},
{
"policyDefinitionReferenceId": "83a214f7-d01a-484b-91a9-ed54470c9a6a",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a",
"definitionVersion": "5.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-83a214f7-d01a-484b-91a9-ed54470c9a6a')]"
},
"requiredRetentionDays": {
"value": "[parameters('requiredRetentionDays-83a214f7-d01a-484b-91a9-ed54470c9a6a')]"
}
}
},
{
"policyDefinitionReferenceId": "3ac7c827-eea2-4bde-acc7-9568cd320efa",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3ac7c827-eea2-4bde-acc7-9568cd320efa",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-3ac7c827-eea2-4bde-acc7-9568cd320efa')]"
}
}
},
{
"policyDefinitionReferenceId": "18adea5e-f416-4d0f-8aa8-d24321e3e274",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_17",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-18adea5e-f416-4d0f-8aa8-d24321e3e274')]"
}
}
},
{
"policyDefinitionReferenceId": "152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CEK_05",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03"
],
"parameters": {
"effect": {
"value": "[parameters('effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0')]"
}
}
},
{
"policyDefinitionReferenceId": "0fdf0491-d080-4575-b627-ad0e843cba0f",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0fdf0491-d080-4575-b627-ad0e843cba0f')]"
}
}
},
{
"policyDefinitionReferenceId": "afe0c3be-ba3b-4544-ba52-0c99672a8ad6",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/afe0c3be-ba3b-4544-ba52-0c99672a8ad6",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-afe0c3be-ba3b-4544-ba52-0c99672a8ad6')]"
},
"requiredRetentionDays": {
"value": "[parameters('requiredRetentionDays-afe0c3be-ba3b-4544-ba52-0c99672a8ad6')]"
}
}
},
{
"policyDefinitionReferenceId": "1221c620-d201-468c-81e7-2817e6107e84",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-1221c620-d201-468c-81e7-2817e6107e84')]"
},
"NetworkSecurityConfigureEncryptionTypesAllowedForKerberos": {
"value": "[parameters('NetworkSecurityConfigureEncryptionTypesAllowedForKerberos-1221c620-d201-468c-81e7-2817e6107e84')]"
},
"NetworkSecurityLANManagerAuthenticationLevel": {
"value": "[parameters('NetworkSecurityLANManagerAuthenticationLevel-1221c620-d201-468c-81e7-2817e6107e84')]"
},
"NetworkSecurityLDAPClientSigningRequirements": {
"value": "[parameters('NetworkSecurityLDAPClientSigningRequirements-1221c620-d201-468c-81e7-2817e6107e84')]"
},
"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients": {
"value": "[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCClients-1221c620-d201-468c-81e7-2817e6107e84')]"
},
"NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers": {
"value": "[parameters('NetworkSecurityMinimumSessionSecurityForNTLMSSPBasedIncludingSecureRPCServers-1221c620-d201-468c-81e7-2817e6107e84')]"
},
"effect": {
"value": "[parameters('effect-1221c620-d201-468c-81e7-2817e6107e84')]"
}
}
},
{
"policyDefinitionReferenceId": "404c3081-a854-4457-ae30-26a93ef643f9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_04",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_13",
"CSA_v4.0.12_CEK_14",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_17",
"CSA_v4.0.12_CEK_18",
"CSA_v4.0.12_CEK_19",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_CEK_21"
],
"parameters": {
"effect": {
"value": "[parameters('effect-404c3081-a854-4457-ae30-26a93ef643f9')]"
}
}
},
{
"policyDefinitionReferenceId": "ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9')]"
}
}
},
{
"policyDefinitionReferenceId": "0049a6b3-a662-4f3e-8635-39cf44ace45a",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0049a6b3-a662-4f3e-8635-39cf44ace45a')]"
}
}
},
{
"policyDefinitionReferenceId": "fc9b3da7-8347-4380-8e70-0a0361d8dedd",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fc9b3da7-8347-4380-8e70-0a0361d8dedd",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IVS_04"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-fc9b3da7-8347-4380-8e70-0a0361d8dedd')]"
},
"effect": {
"value": "[parameters('effect-fc9b3da7-8347-4380-8e70-0a0361d8dedd')]"
}
}
},
{
"policyDefinitionReferenceId": "d46c275d-1680-448d-b2ec-e495a3b6cc89",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d46c275d-1680-448d-b2ec-e495a3b6cc89",
"definitionVersion": "5.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05"
],
"parameters": {
"source": {
"value": "[parameters('source-d46c275d-1680-448d-b2ec-e495a3b6cc89')]"
},
"warn": {
"value": "[parameters('warn-d46c275d-1680-448d-b2ec-e495a3b6cc89')]"
},
"effect": {
"value": "[parameters('effect-d46c275d-1680-448d-b2ec-e495a3b6cc89')]"
},
"excludedNamespaces": {
"value": "[parameters('excludedNamespaces-d46c275d-1680-448d-b2ec-e495a3b6cc89')]"
},
"namespaces": {
"value": "[parameters('namespaces-d46c275d-1680-448d-b2ec-e495a3b6cc89')]"
},
"labelSelector": {
"value": "[parameters('labelSelector-d46c275d-1680-448d-b2ec-e495a3b6cc89')]"
},
"allowedExternalIPs": {
"value": "[parameters('allowedExternalIPs-d46c275d-1680-448d-b2ec-e495a3b6cc89')]"
}
}
},
{
"policyDefinitionReferenceId": "87845465-c458-45f3-af66-dcd62176f397",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/87845465-c458-45f3-af66-dcd62176f397",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_03",
"CSA_v4.0.12_IAM_08"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-87845465-c458-45f3-af66-dcd62176f397')]"
},
"effect": {
"value": "[parameters('effect-87845465-c458-45f3-af66-dcd62176f397')]"
}
}
},
{
"policyDefinitionReferenceId": "efbde977-ba53-4479-b8e9-10b957924fbf",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/efbde977-ba53-4479-b8e9-10b957924fbf",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11",
"CSA_v4.0.12_LOG_05",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-efbde977-ba53-4479-b8e9-10b957924fbf')]"
}
}
},
{
"policyDefinitionReferenceId": "e6955644-301c-44b5-a4c4-528577de6861",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_03",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-e6955644-301c-44b5-a4c4-528577de6861')]"
},
"effect": {
"value": "[parameters('effect-e6955644-301c-44b5-a4c4-528577de6861')]"
}
}
},
{
"policyDefinitionReferenceId": "1b8ca024-1d5c-4dec-8995-b1a932b41780",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-1b8ca024-1d5c-4dec-8995-b1a932b41780')]"
}
}
},
{
"policyDefinitionReferenceId": "0da106f2-4ca3-48e8-bc85-c638fe6aea8f",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0da106f2-4ca3-48e8-bc85-c638fe6aea8f",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_03",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0da106f2-4ca3-48e8-bc85-c638fe6aea8f')]"
}
}
},
{
"policyDefinitionReferenceId": "1afada58-8b34-7ac2-a38a-983218635201",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1afada58-8b34-7ac2-a38a-983218635201",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-1afada58-8b34-7ac2-a38a-983218635201')]"
}
}
},
{
"policyDefinitionReferenceId": "f4b53539-8df9-40e4-86c6-6b607703bd4e",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f4b53539-8df9-40e4-86c6-6b607703bd4e",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_17",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-f4b53539-8df9-40e4-86c6-6b607703bd4e')]"
}
}
},
{
"policyDefinitionReferenceId": "331e8ea8-378a-410f-a2e5-ae22f38bb0da",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_02",
"CSA_v4.0.12_CCC_02",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_09",
"CSA_v4.0.12_UEM_03",
"CSA_v4.0.12_UEM_05",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04"
]
},
{
"policyDefinitionReferenceId": "862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb')]"
}
}
},
{
"policyDefinitionReferenceId": "df49d893-a74c-421d-bc95-c663042e5b80",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/df49d893-a74c-421d-bc95-c663042e5b80",
"definitionVersion": "6.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_IVS_07",
"CSA_v4.0.12_TVM_07"
],
"parameters": {
"source": {
"value": "[parameters('source-df49d893-a74c-421d-bc95-c663042e5b80')]"
},
"warn": {
"value": "[parameters('warn-df49d893-a74c-421d-bc95-c663042e5b80')]"
},
"effect": {
"value": "[parameters('effect-df49d893-a74c-421d-bc95-c663042e5b80')]"
},
"excludedNamespaces": {
"value": "[parameters('excludedNamespaces-df49d893-a74c-421d-bc95-c663042e5b80')]"
},
"namespaces": {
"value": "[parameters('namespaces-df49d893-a74c-421d-bc95-c663042e5b80')]"
},
"labelSelector": {
"value": "[parameters('labelSelector-df49d893-a74c-421d-bc95-c663042e5b80')]"
},
"excludedContainers": {
"value": "[parameters('excludedContainers-df49d893-a74c-421d-bc95-c663042e5b80')]"
},
"excludedImages": {
"value": "[parameters('excludedImages-df49d893-a74c-421d-bc95-c663042e5b80')]"
}
}
},
{
"policyDefinitionReferenceId": "0aa61e00-0a01-4a3c-9945-e93cffedf0e6",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_04",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_13",
"CSA_v4.0.12_CEK_14",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_17",
"CSA_v4.0.12_CEK_18",
"CSA_v4.0.12_CEK_19",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_CEK_21"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6')]"
}
}
},
{
"policyDefinitionReferenceId": "75c4f823-d65c-4f29-a733-01d0077fdbcb",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16"
],
"parameters": {
"allowedKeyTypes": {
"value": "[parameters('allowedKeyTypes-75c4f823-d65c-4f29-a733-01d0077fdbcb')]"
},
"effect": {
"value": "[parameters('effect-75c4f823-d65c-4f29-a733-01d0077fdbcb')]"
}
}
},
{
"policyDefinitionReferenceId": "35f9c03a-cc27-418e-9c0c-539ff999d010",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_HRS_04"
],
"parameters": {}
},
{
"policyDefinitionReferenceId": "0ec47710-77ff-4a3d-9181-6aa50af424d0",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_BCR_08",
"CSA_v4.0.12_CEK_08",
"CSA_v4.0.12_CEK_20"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0ec47710-77ff-4a3d-9181-6aa50af424d0')]"
}
}
},
{
"policyDefinitionReferenceId": "c43e4a30-77cb-48ab-a4dd-93f175c63b57",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57')]"
}
}
},
{
"policyDefinitionReferenceId": "69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f')]"
},
"MembersToExclude": {
"value": "[parameters('MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f')]"
}
}
},
{
"policyDefinitionReferenceId": "0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {}
},
{
"policyDefinitionReferenceId": "1a4e592a-6a6e-44a5-9814-e36264ca96e7",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1a4e592a-6a6e-44a5-9814-e36264ca96e7",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_06",
"CSA_v4.0.12_CEK_05",
"CSA_v4.0.12_CEK_06",
"CSA_v4.0.12_CEK_07",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_DCS_05",
"CSA_v4.0.12_DCS_06",
"CSA_v4.0.12_UEM_04",
"CSA_v4.0.12_UEM_07",
"CSA_v4.0.12_UEM_12",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_IVS_07",
"CSA_v4.0.12_TVM_07"
],
"parameters": {
"effect": {
"value": "[parameters('effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7')]"
}
}
},
{
"policyDefinitionReferenceId": "423dd1ba-798e-40e4-9c4d-b6902674b423",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/423dd1ba-798e-40e4-9c4d-b6902674b423",
"definitionVersion": "4.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10"
],
"parameters": {
"source": {
"value": "[parameters('source-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
},
"warn": {
"value": "[parameters('warn-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
},
"effect": {
"value": "[parameters('effect-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
},
"excludedImages": {
"value": "[parameters('excludedImages-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
},
"excludedNamespaces": {
"value": "[parameters('excludedNamespaces-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
},
"namespaces": {
"value": "[parameters('namespaces-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
},
"labelSelector": {
"value": "[parameters('labelSelector-423dd1ba-798e-40e4-9c4d-b6902674b423')]"
}
}
},
{
"policyDefinitionReferenceId": "2158ddbe-fefa-408e-b43f-d4faef8ff3b8",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2158ddbe-fefa-408e-b43f-d4faef8ff3b8",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_11",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14"
],
"parameters": {
"effect": {
"value": "[parameters('effect-2158ddbe-fefa-408e-b43f-d4faef8ff3b8')]"
}
}
},
{
"policyDefinitionReferenceId": "797b37f7-06b8-444c-b1ad-fc62867f335a",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-797b37f7-06b8-444c-b1ad-fc62867f335a')]"
}
}
},
{
"policyDefinitionReferenceId": "0a914e76-4921-4c19-b460-a2d36003525a",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
]
},
{
"policyDefinitionReferenceId": "22bee202-a82f-4305-9a2a-6d7f44d4dedb",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb')]"
}
}
},
{
"policyDefinitionReferenceId": "6e2593d9-add6-4083-9c9b-4b7d2188c899",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_LOG_09",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-6e2593d9-add6-4083-9c9b-4b7d2188c899')]"
}
}
},
{
"policyDefinitionReferenceId": "94d9aca8-3757-46df-aa51-f218c5f11954",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/94d9aca8-3757-46df-aa51-f218c5f11954",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-94d9aca8-3757-46df-aa51-f218c5f11954')]"
},
"effect": {
"value": "[parameters('effect-94d9aca8-3757-46df-aa51-f218c5f11954')]"
}
}
},
{
"policyDefinitionReferenceId": "8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_IAM_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54')]"
}
}
},
{
"policyDefinitionReferenceId": "2d21331d-a4c2-4def-a9ad-ee4e1e023beb",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2d21331d-a4c2-4def-a9ad-ee4e1e023beb",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-2d21331d-a4c2-4def-a9ad-ee4e1e023beb')]"
}
}
},
{
"policyDefinitionReferenceId": "56a5ee18-2ae6-4810-86f7-18e39ce5629b",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/56a5ee18-2ae6-4810-86f7-18e39ce5629b",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_04",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_13",
"CSA_v4.0.12_CEK_14",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_17",
"CSA_v4.0.12_CEK_18",
"CSA_v4.0.12_CEK_19",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_CEK_21"
],
"parameters": {
"effect": {
"value": "[parameters('effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b')]"
}
}
},
{
"policyDefinitionReferenceId": "3d2a3320-2a72-4c67-ac5f-caa40fbee2b2",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d2a3320-2a72-4c67-ac5f-caa40fbee2b2",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2')]"
},
"Members": {
"value": "[parameters('Members-3d2a3320-2a72-4c67-ac5f-caa40fbee2b2')]"
}
}
},
{
"policyDefinitionReferenceId": "bf16e0bb-31e1-4646-8202-60a235cc7e74",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_IAM_03"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-bf16e0bb-31e1-4646-8202-60a235cc7e74')]"
},
"effect": {
"value": "[parameters('effect-bf16e0bb-31e1-4646-8202-60a235cc7e74')]"
}
}
},
{
"policyDefinitionReferenceId": "8dfab9c4-fe7b-49ad-85e4-1e9be085358f",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8dfab9c4-fe7b-49ad-85e4-1e9be085358f",
"definitionVersion": "6.*.*-preview",
"groupNames": [
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_TVM_01",
"CSA_v4.0.12_TVM_09",
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12"
],
"parameters": {
"effect": {
"value": "[parameters('effect-8dfab9c4-fe7b-49ad-85e4-1e9be085358f')]"
}
}
},
{
"policyDefinitionReferenceId": "46aa9b05-0e60-4eae-a88b-1e9d374fa515",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-46aa9b05-0e60-4eae-a88b-1e9d374fa515')]"
}
}
},
{
"policyDefinitionReferenceId": "abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12"
],
"parameters": {
"effect": {
"value": "[parameters('effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9')]"
}
}
},
{
"policyDefinitionReferenceId": "91a78b24-f231-4a8a-8da9-02c35b2b6510",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/91a78b24-f231-4a8a-8da9-02c35b2b6510",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07"
],
"parameters": {
"effect": {
"value": "[parameters('effect-91a78b24-f231-4a8a-8da9-02c35b2b6510')]"
},
"requiredRetentionDays": {
"value": "[parameters('requiredRetentionDays-91a78b24-f231-4a8a-8da9-02c35b2b6510')]"
}
}
},
{
"policyDefinitionReferenceId": "d461a302-a187-421a-89ac-84acdb4edc04",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d461a302-a187-421a-89ac-84acdb4edc04",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_04",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_13",
"CSA_v4.0.12_CEK_14",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_17",
"CSA_v4.0.12_CEK_18",
"CSA_v4.0.12_CEK_19",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_CEK_21"
],
"parameters": {
"allowedEncryptionSets": {
"value": "[parameters('allowedEncryptionSets-d461a302-a187-421a-89ac-84acdb4edc04')]"
},
"effect": {
"value": "[parameters('effect-d461a302-a187-421a-89ac-84acdb4edc04')]"
}
}
},
{
"policyDefinitionReferenceId": "3bc8a0d5-38e0-4a3d-a657-2cb64468fc34",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3bc8a0d5-38e0-4a3d-a657-2cb64468fc34",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12"
],
"parameters": {
"effect": {
"value": "[parameters('effect-3bc8a0d5-38e0-4a3d-a657-2cb64468fc34')]"
}
}
},
{
"policyDefinitionReferenceId": "1c6e92c9-99f0-4e55-9cf2-0c234dc48f99",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99",
"definitionVersion": "7.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"source": {
"value": "[parameters('source-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99')]"
},
"warn": {
"value": "[parameters('warn-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99')]"
},
"effect": {
"value": "[parameters('effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99')]"
},
"excludedNamespaces": {
"value": "[parameters('excludedNamespaces-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99')]"
},
"namespaces": {
"value": "[parameters('namespaces-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99')]"
},
"labelSelector": {
"value": "[parameters('labelSelector-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99')]"
},
"excludedContainers": {
"value": "[parameters('excludedContainers-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99')]"
},
"excludedImages": {
"value": "[parameters('excludedImages-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99')]"
}
}
},
{
"policyDefinitionReferenceId": "ca91455f-eace-4f96-be59-e6e2c35b4816",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ca91455f-eace-4f96-be59-e6e2c35b4816",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_04",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_13",
"CSA_v4.0.12_CEK_14",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_17",
"CSA_v4.0.12_CEK_18",
"CSA_v4.0.12_CEK_19",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_CEK_21"
],
"parameters": {
"effect": {
"value": "[parameters('effect-ca91455f-eace-4f96-be59-e6e2c35b4816')]"
}
}
},
{
"policyDefinitionReferenceId": "f4826e5f-6a27-407c-ae3e-9582eb39891d",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_IAM_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-f4826e5f-6a27-407c-ae3e-9582eb39891d')]"
}
}
},
{
"policyDefinitionReferenceId": "7803067c-7d34-46e3-8c79-0ca68fc4036d",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7803067c-7d34-46e3-8c79-0ca68fc4036d",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-7803067c-7d34-46e3-8c79-0ca68fc4036d')]"
}
}
},
{
"policyDefinitionReferenceId": "34c877ad-507e-4c82-993e-3452a6e0ad3c",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-34c877ad-507e-4c82-993e-3452a6e0ad3c')]"
}
}
},
{
"policyDefinitionReferenceId": "37e0d2fe-28a5-43d6-a273-67d37d1f5606",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606')]"
}
}
},
{
"policyDefinitionReferenceId": "3d9f5e4c-9947-4579-9539-2a7695fbc187",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d9f5e4c-9947-4579-9539-2a7695fbc187",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-3d9f5e4c-9947-4579-9539-2a7695fbc187')]"
}
}
},
{
"policyDefinitionReferenceId": "f6de0be7-9a8a-4b8a-b349-43cf02d22f7c",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c')]"
}
}
},
{
"policyDefinitionReferenceId": "009a0c92-f5b4-4776-9b66-4ed2b4775563",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/009a0c92-f5b4-4776-9b66-4ed2b4775563",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-009a0c92-f5b4-4776-9b66-4ed2b4775563')]"
}
}
},
{
"policyDefinitionReferenceId": "87ba29ef-1ab3-4d82-b763-87fcd4f531f7",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_04",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_13",
"CSA_v4.0.12_CEK_14",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_17",
"CSA_v4.0.12_CEK_18",
"CSA_v4.0.12_CEK_19",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_CEK_21"
],
"parameters": {
"effect": {
"value": "[parameters('effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7')]"
}
}
},
{
"policyDefinitionReferenceId": "fb893a29-21bb-418c-a157-e99480ec364c",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-fb893a29-21bb-418c-a157-e99480ec364c')]"
}
}
},
{
"policyDefinitionReferenceId": "af35e2a4-ef96-44e7-a9ae-853dd97032c4",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af35e2a4-ef96-44e7-a9ae-853dd97032c4",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-af35e2a4-ef96-44e7-a9ae-853dd97032c4')]"
},
"evaluatedSkuNames": {
"value": "[parameters('evaluatedSkuNames-af35e2a4-ef96-44e7-a9ae-853dd97032c4')]"
}
}
},
{
"policyDefinitionReferenceId": "2393d2cf-a342-44cd-a2e2-fe0188fd1234",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2393d2cf-a342-44cd-a2e2-fe0188fd1234",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-2393d2cf-a342-44cd-a2e2-fe0188fd1234')]"
}
}
},
{
"policyDefinitionReferenceId": "b8564268-eb4a-4337-89be-a19db070c59d",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b8564268-eb4a-4337-89be-a19db070c59d",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-b8564268-eb4a-4337-89be-a19db070c59d')]"
}
}
},
{
"policyDefinitionReferenceId": "0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_BCR_08",
"CSA_v4.0.12_CEK_08",
"CSA_v4.0.12_CEK_20"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53')]"
}
}
},
{
"policyDefinitionReferenceId": "967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_04",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_13",
"CSA_v4.0.12_CEK_14",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_17",
"CSA_v4.0.12_CEK_18",
"CSA_v4.0.12_CEK_19",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_CEK_21"
],
"parameters": {
"effect": {
"value": "[parameters('effect-967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1')]"
}
}
},
{
"policyDefinitionReferenceId": "e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16"
],
"parameters": {
"effect": {
"value": "[parameters('effect-e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f')]"
}
}
},
{
"policyDefinitionReferenceId": "4fa4b6c0-31ca-4c0d-b10d-24b96f62a751",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751",
"definitionVersion": "3.*.*-preview",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-4fa4b6c0-31ca-4c0d-b10d-24b96f62a751')]"
}
}
},
{
"policyDefinitionReferenceId": "55615ac9-af46-4a59-874e-391cc3dfb490",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-55615ac9-af46-4a59-874e-391cc3dfb490')]"
},
"restrictIPAddresses": {
"value": "[parameters('restrictIPAddresses-55615ac9-af46-4a59-874e-391cc3dfb490')]"
},
"allowedIPAddresses": {
"value": "[parameters('allowedIPAddresses-55615ac9-af46-4a59-874e-391cc3dfb490')]"
},
"forbiddenIPAddresses": {
"value": "[parameters('forbiddenIPAddresses-55615ac9-af46-4a59-874e-391cc3dfb490')]"
}
}
},
{
"policyDefinitionReferenceId": "c4857be7-912a-4c75-87e6-e30292bcdf78",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4857be7-912a-4c75-87e6-e30292bcdf78",
"definitionVersion": "1.*.*-preview",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-c4857be7-912a-4c75-87e6-e30292bcdf78')]"
}
}
},
{
"policyDefinitionReferenceId": "11ac78e3-31bc-4f0c-8434-37ab963cea07",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_06",
"CSA_v4.0.12_CEK_05",
"CSA_v4.0.12_CEK_06",
"CSA_v4.0.12_CEK_07",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_DCS_05",
"CSA_v4.0.12_DCS_06",
"CSA_v4.0.12_UEM_04",
"CSA_v4.0.12_UEM_07",
"CSA_v4.0.12_UEM_12"
],
"parameters": {
"listOfImageIdToInclude_windows": {
"value": "[parameters('listOfImageIdToInclude_windows-11ac78e3-31bc-4f0c-8434-37ab963cea07')]"
},
"listOfImageIdToInclude_linux": {
"value": "[parameters('listOfImageIdToInclude_linux-11ac78e3-31bc-4f0c-8434-37ab963cea07')]"
},
"effect": {
"value": "[parameters('effect-11ac78e3-31bc-4f0c-8434-37ab963cea07')]"
}
}
},
{
"policyDefinitionReferenceId": "4ceb8dc2-559c-478b-a15b-733fbf1e3738",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-4ceb8dc2-559c-478b-a15b-733fbf1e3738')]"
},
"MaximumPasswordAge": {
"value": "[parameters('MaximumPasswordAge-4ceb8dc2-559c-478b-a15b-733fbf1e3738')]"
},
"effect": {
"value": "[parameters('effect-4ceb8dc2-559c-478b-a15b-733fbf1e3738')]"
}
}
},
{
"policyDefinitionReferenceId": "f47b5582-33ec-4c5c-87c0-b010a6b2e917",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"logAnalyticsWorkspaceId": {
"value": "[parameters('logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917')]"
},
"effect": {
"value": "[parameters('effect-f47b5582-33ec-4c5c-87c0-b010a6b2e917')]"
}
}
},
{
"policyDefinitionReferenceId": "ae5d2f14-d830-42b6-9899-df6cfe9c71a3",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae5d2f14-d830-42b6-9899-df6cfe9c71a3",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-ae5d2f14-d830-42b6-9899-df6cfe9c71a3')]"
}
}
},
{
"policyDefinitionReferenceId": "a70ca396-0a34-413a-88e1-b956c1e683be",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a70ca396-0a34-413a-88e1-b956c1e683be",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11",
"CSA_v4.0.12_LOG_05",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-a70ca396-0a34-413a-88e1-b956c1e683be')]"
}
}
},
{
"policyDefinitionReferenceId": "7796937f-307b-4598-941c-67d3a05ebfe7",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7796937f-307b-4598-941c-67d3a05ebfe7",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-7796937f-307b-4598-941c-67d3a05ebfe7')]"
}
}
},
{
"policyDefinitionReferenceId": "ff25f3c8-b739-4538-9d07-3d6d25cfb255",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16"
],
"parameters": {
"allowedECNames": {
"value": "[parameters('allowedECNames-ff25f3c8-b739-4538-9d07-3d6d25cfb255')]"
},
"effect": {
"value": "[parameters('effect-ff25f3c8-b739-4538-9d07-3d6d25cfb255')]"
}
}
},
{
"policyDefinitionReferenceId": "cb510bfd-1cba-4d9f-a230-cb0976f4bb71",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cb510bfd-1cba-4d9f-a230-cb0976f4bb71",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_02",
"CSA_v4.0.12_CCC_02",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_09",
"CSA_v4.0.12_UEM_03",
"CSA_v4.0.12_UEM_05",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_08",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_19",
"CSA_v4.0.12_CEK_21",
"CSA_v4.0.12_IAM_09",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71')]"
}
}
},
{
"policyDefinitionReferenceId": "4c3c6c5f-0d47-4402-99b8-aa543dd8bcee",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4c3c6c5f-0d47-4402-99b8-aa543dd8bcee",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07"
],
"parameters": {
"effect": {
"value": "[parameters('effect-4c3c6c5f-0d47-4402-99b8-aa543dd8bcee')]"
}
}
},
{
"policyDefinitionReferenceId": "d6759c02-b87f-42b7-892e-71b3f471d782",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6759c02-b87f-42b7-892e-71b3f471d782",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_HRS_04",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-d6759c02-b87f-42b7-892e-71b3f471d782')]"
}
}
},
{
"policyDefinitionReferenceId": "e068b215-0026-4354-b347-8fb2766f73a2",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e068b215-0026-4354-b347-8fb2766f73a2",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_AIS_02",
"CSA_v4.0.12_CCC_02",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_09",
"CSA_v4.0.12_UEM_03"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersOrGroupsThatMayAccessThisComputerFromTheNetwork": {
"value": "[parameters('UsersOrGroupsThatMayAccessThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersOrGroupsThatMayLogOnLocally": {
"value": "[parameters('UsersOrGroupsThatMayLogOnLocally-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices": {
"value": "[parameters('UsersOrGroupsThatMayLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork": {
"value": "[parameters('UsersAndGroupsThatAreDeniedAccessToThisComputerFromTheNetwork-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersOrGroupsThatMayManageAuditingAndSecurityLog": {
"value": "[parameters('UsersOrGroupsThatMayManageAuditingAndSecurityLog-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersOrGroupsThatMayBackUpFilesAndDirectories": {
"value": "[parameters('UsersOrGroupsThatMayBackUpFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersOrGroupsThatMayChangeTheSystemTime": {
"value": "[parameters('UsersOrGroupsThatMayChangeTheSystemTime-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersOrGroupsThatMayChangeTheTimeZone": {
"value": "[parameters('UsersOrGroupsThatMayChangeTheTimeZone-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersOrGroupsThatMayCreateATokenObject": {
"value": "[parameters('UsersOrGroupsThatMayCreateATokenObject-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob": {
"value": "[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsABatchJob-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersAndGroupsThatAreDeniedLoggingOnAsAService": {
"value": "[parameters('UsersAndGroupsThatAreDeniedLoggingOnAsAService-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersAndGroupsThatAreDeniedLocalLogon": {
"value": "[parameters('UsersAndGroupsThatAreDeniedLocalLogon-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices": {
"value": "[parameters('UsersAndGroupsThatAreDeniedLogOnThroughRemoteDesktopServices-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UserAndGroupsThatMayForceShutdownFromARemoteSystem": {
"value": "[parameters('UserAndGroupsThatMayForceShutdownFromARemoteSystem-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersAndGroupsThatMayRestoreFilesAndDirectories": {
"value": "[parameters('UsersAndGroupsThatMayRestoreFilesAndDirectories-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersAndGroupsThatMayShutDownTheSystem": {
"value": "[parameters('UsersAndGroupsThatMayShutDownTheSystem-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects": {
"value": "[parameters('UsersOrGroupsThatMayTakeOwnershipOfFilesOrOtherObjects-e068b215-0026-4354-b347-8fb2766f73a2')]"
},
"effect": {
"value": "[parameters('effect-e068b215-0026-4354-b347-8fb2766f73a2')]"
}
}
},
{
"policyDefinitionReferenceId": "5e1de0e3-42cb-4ebc-a86d-61d0c619ca48",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-5e1de0e3-42cb-4ebc-a86d-61d0c619ca48')]"
}
}
},
{
"policyDefinitionReferenceId": "d26f7642-7545-4e18-9b75-8c9bbdee3a9a",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_CCC_06",
"CSA_v4.0.12_CEK_05",
"CSA_v4.0.12_CEK_06",
"CSA_v4.0.12_CEK_07",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_DCS_05",
"CSA_v4.0.12_DCS_06",
"CSA_v4.0.12_UEM_04",
"CSA_v4.0.12_UEM_07",
"CSA_v4.0.12_UEM_12"
],
"parameters": {
"effect": {
"value": "[parameters('effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a')]"
}
}
},
{
"policyDefinitionReferenceId": "97566dd7-78ae-4997-8b36-1c7bfe0d8121",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/97566dd7-78ae-4997-8b36-1c7bfe0d8121",
"definitionVersion": "4.*.*-preview",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_IVS_07",
"CSA_v4.0.12_TVM_07"
],
"parameters": {
"effect": {
"value": "[parameters('effect-97566dd7-78ae-4997-8b36-1c7bfe0d8121')]"
}
}
},
{
"policyDefinitionReferenceId": "c0e996f8-39cf-4af9-9f45-83fbde810432",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c0e996f8-39cf-4af9-9f45-83fbde810432",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_02",
"CSA_v4.0.12_CCC_02",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_09",
"CSA_v4.0.12_UEM_03",
"CSA_v4.0.12_UEM_05",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IVS_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-c0e996f8-39cf-4af9-9f45-83fbde810432')]"
},
"approvedExtensions": {
"value": "[parameters('approvedExtensions-c0e996f8-39cf-4af9-9f45-83fbde810432')]"
}
}
},
{
"policyDefinitionReferenceId": "d416745a-506c-48b6-8ab1-83cb814bcaa3",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d416745a-506c-48b6-8ab1-83cb814bcaa3",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_AIS_02",
"CSA_v4.0.12_CCC_02",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_09",
"CSA_v4.0.12_UEM_03",
"CSA_v4.0.12_UEM_05",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_CCC_06",
"CSA_v4.0.12_CEK_05",
"CSA_v4.0.12_CEK_06",
"CSA_v4.0.12_CEK_07",
"CSA_v4.0.12_CEK_20"
],
"parameters": {
"effect": {
"value": "[parameters('effect-d416745a-506c-48b6-8ab1-83cb814bcaa3')]"
},
"virtualNetworkId": {
"value": "[parameters('virtualNetworkId-d416745a-506c-48b6-8ab1-83cb814bcaa3')]"
}
}
},
{
"policyDefinitionReferenceId": "6581d072-105e-4418-827f-bd446d56421b",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_IVS_07",
"CSA_v4.0.12_TVM_07"
],
"parameters": {
"effect": {
"value": "[parameters('effect-6581d072-105e-4418-827f-bd446d56421b')]"
}
}
},
{
"policyDefinitionReferenceId": "c9d007d0-c057-4772-b18c-01e546713bcd",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c9d007d0-c057-4772-b18c-01e546713bcd",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-c9d007d0-c057-4772-b18c-01e546713bcd')]"
}
}
},
{
"policyDefinitionReferenceId": "ae89ebca-1c92-4898-ac2c-9f63decb045c",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae89ebca-1c92-4898-ac2c-9f63decb045c",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_02",
"CSA_v4.0.12_CCC_02",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_09",
"CSA_v4.0.12_UEM_03",
"CSA_v4.0.12_UEM_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-ae89ebca-1c92-4898-ac2c-9f63decb045c')]"
}
}
},
{
"policyDefinitionReferenceId": "2a7a701e-dff3-4da9-9ec5-42cb98594c0b",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a7a701e-dff3-4da9-9ec5-42cb98594c0b",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_03"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-2a7a701e-dff3-4da9-9ec5-42cb98594c0b')]"
},
"AuditAuthenticationPolicyChange": {
"value": "[parameters('AuditAuthenticationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b')]"
},
"AuditAuthorizationPolicyChange": {
"value": "[parameters('AuditAuthorizationPolicyChange-2a7a701e-dff3-4da9-9ec5-42cb98594c0b')]"
},
"effect": {
"value": "[parameters('effect-2a7a701e-dff3-4da9-9ec5-42cb98594c0b')]"
}
}
},
{
"policyDefinitionReferenceId": "492a29ed-d143-4f03-b6a4-705ce081b463",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/492a29ed-d143-4f03-b6a4-705ce081b463",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-492a29ed-d143-4f03-b6a4-705ce081b463')]"
},
"UACAdminApprovalModeForTheBuiltinAdministratorAccount": {
"value": "[parameters('UACAdminApprovalModeForTheBuiltinAdministratorAccount-492a29ed-d143-4f03-b6a4-705ce081b463')]"
},
"UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode": {
"value": "[parameters('UACBehaviorOfTheElevationPromptForAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463')]"
},
"UACDetectApplicationInstallationsAndPromptForElevation": {
"value": "[parameters('UACDetectApplicationInstallationsAndPromptForElevation-492a29ed-d143-4f03-b6a4-705ce081b463')]"
},
"UACRunAllAdministratorsInAdminApprovalMode": {
"value": "[parameters('UACRunAllAdministratorsInAdminApprovalMode-492a29ed-d143-4f03-b6a4-705ce081b463')]"
},
"effect": {
"value": "[parameters('effect-492a29ed-d143-4f03-b6a4-705ce081b463')]"
}
}
},
{
"policyDefinitionReferenceId": "35d9882c-993d-44e6-87d2-db66ce21b636",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallDomainUseProfileSettings": {
"value": "[parameters('WindowsFirewallDomainUseProfileSettings-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallDomainBehaviorForOutboundConnections": {
"value": "[parameters('WindowsFirewallDomainBehaviorForOutboundConnections-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallDomainApplyLocalConnectionSecurityRules": {
"value": "[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallDomainApplyLocalFirewallRules": {
"value": "[parameters('WindowsFirewallDomainApplyLocalFirewallRules-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallDomainDisplayNotifications": {
"value": "[parameters('WindowsFirewallDomainDisplayNotifications-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallPrivateUseProfileSettings": {
"value": "[parameters('WindowsFirewallPrivateUseProfileSettings-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallPrivateBehaviorForOutboundConnections": {
"value": "[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallPrivateApplyLocalConnectionSecurityRules": {
"value": "[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallPrivateApplyLocalFirewallRules": {
"value": "[parameters('WindowsFirewallPrivateApplyLocalFirewallRules-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallPrivateDisplayNotifications": {
"value": "[parameters('WindowsFirewallPrivateDisplayNotifications-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallPublicUseProfileSettings": {
"value": "[parameters('WindowsFirewallPublicUseProfileSettings-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallPublicBehaviorForOutboundConnections": {
"value": "[parameters('WindowsFirewallPublicBehaviorForOutboundConnections-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallPublicApplyLocalConnectionSecurityRules": {
"value": "[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallPublicApplyLocalFirewallRules": {
"value": "[parameters('WindowsFirewallPublicApplyLocalFirewallRules-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallPublicDisplayNotifications": {
"value": "[parameters('WindowsFirewallPublicDisplayNotifications-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallDomainAllowUnicastResponse": {
"value": "[parameters('WindowsFirewallDomainAllowUnicastResponse-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallPrivateAllowUnicastResponse": {
"value": "[parameters('WindowsFirewallPrivateAllowUnicastResponse-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"WindowsFirewallPublicAllowUnicastResponse": {
"value": "[parameters('WindowsFirewallPublicAllowUnicastResponse-35d9882c-993d-44e6-87d2-db66ce21b636')]"
},
"effect": {
"value": "[parameters('effect-35d9882c-993d-44e6-87d2-db66ce21b636')]"
}
}
},
{
"policyDefinitionReferenceId": "d38fc420-0735-4ef3-ac11-c806f651a570",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_BCR_08",
"CSA_v4.0.12_CEK_08",
"CSA_v4.0.12_CEK_20"
],
"parameters": {
"effect": {
"value": "[parameters('effect-d38fc420-0735-4ef3-ac11-c806f651a570')]"
}
}
},
{
"policyDefinitionReferenceId": "ebb67efd-3c46-49b0-adfe-5599eb944998",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ebb67efd-3c46-49b0-adfe-5599eb944998",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_06"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-ebb67efd-3c46-49b0-adfe-5599eb944998')]"
},
"installedApplication": {
"value": "[parameters('installedApplication-ebb67efd-3c46-49b0-adfe-5599eb944998')]"
}
}
},
{
"policyDefinitionReferenceId": "c9299215-ae47-4f50-9c54-8a392f68a052",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-c9299215-ae47-4f50-9c54-8a392f68a052')]"
}
}
},
{
"policyDefinitionReferenceId": "60d21c4f-21a3-4d94-85f4-b924e6aeeda4",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/60d21c4f-21a3-4d94-85f4-b924e6aeeda4",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_02",
"CSA_v4.0.12_CCC_02",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_09",
"CSA_v4.0.12_UEM_03",
"CSA_v4.0.12_UEM_05",
"CSA_v4.0.12_HRS_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-60d21c4f-21a3-4d94-85f4-b924e6aeeda4')]"
}
}
},
{
"policyDefinitionReferenceId": "f1776c76-f58c-4245-a8d0-2b207198dc8b",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f1776c76-f58c-4245-a8d0-2b207198dc8b",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_HRS_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-f1776c76-f58c-4245-a8d0-2b207198dc8b')]"
},
"virtualNetworkGatewayId": {
"value": "[parameters('virtualNetworkGatewayId-f1776c76-f58c-4245-a8d0-2b207198dc8b')]"
}
}
},
{
"policyDefinitionReferenceId": "11e3da8c-1d68-4392-badd-0ff3c43ab5b0",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/11e3da8c-1d68-4392-badd-0ff3c43ab5b0",
"definitionVersion": "1.*.*-preview",
"groupNames": [
"CSA_v4.0.12_HRS_04",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-11e3da8c-1d68-4392-badd-0ff3c43ab5b0')]"
}
}
},
{
"policyDefinitionReferenceId": "7698e800-9299-47a6-b3b6-5a0fee576eed",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7698e800-9299-47a6-b3b6-5a0fee576eed",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_04",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_10",
"CSA_v4.0.12_DSP_17"
],
"parameters": {
"effect": {
"value": "[parameters('effect-7698e800-9299-47a6-b3b6-5a0fee576eed')]"
}
}
},
{
"policyDefinitionReferenceId": "383856f8-de7f-44a2-81fc-e5135b5c2aa4",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-383856f8-de7f-44a2-81fc-e5135b5c2aa4')]"
},
"requiredRetentionDays": {
"value": "[parameters('requiredRetentionDays-383856f8-de7f-44a2-81fc-e5135b5c2aa4')]"
}
}
},
{
"policyDefinitionReferenceId": "fc26e2fd-3149-74b4-5988-d64bb90f8ef7",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fc26e2fd-3149-74b4-5988-d64bb90f8ef7",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_BCR_08",
"CSA_v4.0.12_BCR_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-fc26e2fd-3149-74b4-5988-d64bb90f8ef7')]"
}
}
},
{
"policyDefinitionReferenceId": "adbe85b5-83e6-4350-ab58-bf3a4f736e5e",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/adbe85b5-83e6-4350-ab58-bf3a4f736e5e",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-adbe85b5-83e6-4350-ab58-bf3a4f736e5e')]"
}
}
},
{
"policyDefinitionReferenceId": "0820b7b9-23aa-4725-a1ce-ae4558f718e5",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0820b7b9-23aa-4725-a1ce-ae4558f718e5",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5')]"
}
}
},
{
"policyDefinitionReferenceId": "c39ba22d-4428-4149-b981-70acb31fc383",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c39ba22d-4428-4149-b981-70acb31fc383",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_BCR_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-c39ba22d-4428-4149-b981-70acb31fc383')]"
}
}
},
{
"policyDefinitionReferenceId": "47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8",
"definitionVersion": "5.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_TVM_09",
"CSA_v4.0.12_TVM_01",
"CSA_v4.0.12_UEM_05",
"CSA_v4.0.12_GRC_04"
],
"parameters": {
"source": {
"value": "[parameters('source-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
},
"warn": {
"value": "[parameters('warn-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
},
"effect": {
"value": "[parameters('effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
},
"excludedNamespaces": {
"value": "[parameters('excludedNamespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
},
"namespaces": {
"value": "[parameters('namespaces-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
},
"labelSelector": {
"value": "[parameters('labelSelector-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
},
"excludedImages": {
"value": "[parameters('excludedImages-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8')]"
}
}
},
{
"policyDefinitionReferenceId": "7f89b1eb-583c-429a-8828-af049802c1d9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07"
],
"parameters": {
"listOfResourceTypes": {
"value": "[parameters('listOfResourceTypes-7f89b1eb-583c-429a-8828-af049802c1d9')]"
},
"logsEnabled": {
"value": "[parameters('logsEnabled-7f89b1eb-583c-429a-8828-af049802c1d9')]"
},
"metricsEnabled": {
"value": "[parameters('metricsEnabled-7f89b1eb-583c-429a-8828-af049802c1d9')]"
}
}
},
{
"policyDefinitionReferenceId": "c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8')]"
}
}
},
{
"policyDefinitionReferenceId": "c5447c04-a4d7-4ba8-a263-c9ee321a6858",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c5447c04-a4d7-4ba8-a263-c9ee321a6858",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11",
"CSA_v4.0.12_LOG_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858')]"
},
"operationName": {
"value": "[parameters('operationName-c5447c04-a4d7-4ba8-a263-c9ee321a6858')]"
}
}
},
{
"policyDefinitionReferenceId": "1c30f9cd-b84c-49cc-aa2c-9288447cc3b3",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1c30f9cd-b84c-49cc-aa2c-9288447cc3b3",
"definitionVersion": "2.*.*-preview",
"groupNames": [
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16"
],
"parameters": {
"effect": {
"value": "[parameters('effect-1c30f9cd-b84c-49cc-aa2c-9288447cc3b3')]"
}
}
},
{
"policyDefinitionReferenceId": "1cb4d9c2-f88f-4069-bee0-dba239a57b09",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1cb4d9c2-f88f-4069-bee0-dba239a57b09",
"definitionVersion": "4.*.*-preview",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_IVS_07",
"CSA_v4.0.12_TVM_07"
],
"parameters": {
"effect": {
"value": "[parameters('effect-1cb4d9c2-f88f-4069-bee0-dba239a57b09')]"
}
}
},
{
"policyDefinitionReferenceId": "f2143251-70de-4e81-87a8-36cee5a2f29d",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f2143251-70de-4e81-87a8-36cee5a2f29d",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_03",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
},
"EnforcePasswordHistory": {
"value": "[parameters('EnforcePasswordHistory-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
},
"MaximumPasswordAge": {
"value": "[parameters('MaximumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
},
"MinimumPasswordAge": {
"value": "[parameters('MinimumPasswordAge-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
},
"MinimumPasswordLength": {
"value": "[parameters('MinimumPasswordLength-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
},
"PasswordMustMeetComplexityRequirements": {
"value": "[parameters('PasswordMustMeetComplexityRequirements-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
},
"effect": {
"value": "[parameters('effect-f2143251-70de-4e81-87a8-36cee5a2f29d')]"
}
}
},
{
"policyDefinitionReferenceId": "cf820ca0-f99e-4f3e-84fb-66e913812d21",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21",
"definitionVersion": "5.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-cf820ca0-f99e-4f3e-84fb-66e913812d21')]"
},
"requiredRetentionDays": {
"value": "[parameters('requiredRetentionDays-cf820ca0-f99e-4f3e-84fb-66e913812d21')]"
}
}
},
{
"policyDefinitionReferenceId": "146412e9-005c-472b-9e48-c87b72ac229e",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/146412e9-005c-472b-9e48-c87b72ac229e",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_11",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14"
],
"parameters": {
"effect": {
"value": "[parameters('effect-146412e9-005c-472b-9e48-c87b72ac229e')]"
}
}
},
{
"policyDefinitionReferenceId": "72650e9f-97bc-4b2a-ab5f-9781a9fcecbc",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/72650e9f-97bc-4b2a-ab5f-9781a9fcecbc",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_02",
"CSA_v4.0.12_CCC_02",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_09",
"CSA_v4.0.12_UEM_03",
"CSA_v4.0.12_UEM_05",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-72650e9f-97bc-4b2a-ab5f-9781a9fcecbc')]"
},
"effect": {
"value": "[parameters('effect-72650e9f-97bc-4b2a-ab5f-9781a9fcecbc')]"
}
}
},
{
"policyDefinitionReferenceId": "32e6bbec-16b6-44c2-be37-c5b672d103cf",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_04",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_10",
"CSA_v4.0.12_DSP_17"
],
"parameters": {
"effect": {
"value": "[parameters('effect-32e6bbec-16b6-44c2-be37-c5b672d103cf')]"
}
}
},
{
"policyDefinitionReferenceId": "bd876905-5b84-4f73-ab2d-2e7a7c4568d9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bd876905-5b84-4f73-ab2d-2e7a7c4568d9",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-bd876905-5b84-4f73-ab2d-2e7a7c4568d9')]"
}
}
},
{
"policyDefinitionReferenceId": "34f95f76-5386-4de7-b824-0d8478470c9d",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d",
"definitionVersion": "5.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-34f95f76-5386-4de7-b824-0d8478470c9d')]"
},
"requiredRetentionDays": {
"value": "[parameters('requiredRetentionDays-34f95f76-5386-4de7-b824-0d8478470c9d')]"
}
}
},
{
"policyDefinitionReferenceId": "8ac833bd-f505-48d5-887e-c993a1d3eea0",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8ac833bd-f505-48d5-887e-c993a1d3eea0",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16"
],
"parameters": {
"effect": {
"value": "[parameters('effect-8ac833bd-f505-48d5-887e-c993a1d3eea0')]"
}
}
},
{
"policyDefinitionReferenceId": "a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9')]"
},
"setting": {
"value": "[parameters('setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9')]"
}
}
},
{
"policyDefinitionReferenceId": "ac01ad65-10e5-46df-bdd9-6b0cad13e1d2",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac01ad65-10e5-46df-bdd9-6b0cad13e1d2",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_04",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_13",
"CSA_v4.0.12_CEK_14",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_17",
"CSA_v4.0.12_CEK_18",
"CSA_v4.0.12_CEK_19",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_CEK_21"
],
"parameters": {
"effect": {
"value": "[parameters('effect-ac01ad65-10e5-46df-bdd9-6b0cad13e1d2')]"
}
}
},
{
"policyDefinitionReferenceId": "e15effd4-2278-4c65-a0da-4d6f6d1890e2",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e15effd4-2278-4c65-a0da-4d6f6d1890e2",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-e15effd4-2278-4c65-a0da-4d6f6d1890e2')]"
}
}
},
{
"policyDefinitionReferenceId": "7926a6d1-b268-4586-8197-e8ae90c877d7",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7926a6d1-b268-4586-8197-e8ae90c877d7",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12"
],
"parameters": {
"effect": {
"value": "[parameters('effect-7926a6d1-b268-4586-8197-e8ae90c877d7')]"
}
}
},
{
"policyDefinitionReferenceId": "82067dbb-e53b-4e06-b631-546d197452d9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_02"
],
"parameters": {
"minimumRSAKeySize": {
"value": "[parameters('minimumRSAKeySize-82067dbb-e53b-4e06-b631-546d197452d9')]"
},
"effect": {
"value": "[parameters('effect-82067dbb-e53b-4e06-b631-546d197452d9')]"
}
}
},
{
"policyDefinitionReferenceId": "12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_16"
],
"parameters": {
"effect": {
"value": "[parameters('effect-12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5')]"
}
}
},
{
"policyDefinitionReferenceId": "a8793640-60f7-487c-b5c3-1d37215905c4",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_04",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_10",
"CSA_v4.0.12_DSP_17"
],
"parameters": {
"effect": {
"value": "[parameters('effect-a8793640-60f7-487c-b5c3-1d37215905c4')]"
}
}
},
{
"policyDefinitionReferenceId": "41388f1c-2db0-4c25-95b2-35d7f5ccbfa9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/41388f1c-2db0-4c25-95b2-35d7f5ccbfa9",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9')]"
}
}
},
{
"policyDefinitionReferenceId": "58383b73-94a9-4414-b382-4146eb02611b",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/58383b73-94a9-4414-b382-4146eb02611b",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11",
"CSA_v4.0.12_LOG_05"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-58383b73-94a9-4414-b382-4146eb02611b')]"
},
"AuditProcessTermination": {
"value": "[parameters('AuditProcessTermination-58383b73-94a9-4414-b382-4146eb02611b')]"
},
"effect": {
"value": "[parameters('effect-58383b73-94a9-4414-b382-4146eb02611b')]"
}
}
},
{
"policyDefinitionReferenceId": "32133ab0-ee4b-4b44-98d6-042180979d50",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50",
"definitionVersion": "2.*.*-preview",
"groupNames": [
"CSA_v4.0.12_CCC_06",
"CSA_v4.0.12_CEK_05",
"CSA_v4.0.12_CEK_06",
"CSA_v4.0.12_CEK_07",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_DCS_05",
"CSA_v4.0.12_DCS_06",
"CSA_v4.0.12_UEM_04",
"CSA_v4.0.12_UEM_07",
"CSA_v4.0.12_UEM_12",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"listOfImageIdToInclude_windows": {
"value": "[parameters('listOfImageIdToInclude_windows-32133ab0-ee4b-4b44-98d6-042180979d50')]"
},
"listOfImageIdToInclude_linux": {
"value": "[parameters('listOfImageIdToInclude_linux-32133ab0-ee4b-4b44-98d6-042180979d50')]"
},
"effect": {
"value": "[parameters('effect-32133ab0-ee4b-4b44-98d6-042180979d50')]"
}
}
},
{
"policyDefinitionReferenceId": "0a370ff3-6cab-4e85-8995-295fd854c5b8",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_04",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_13",
"CSA_v4.0.12_CEK_14",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_17",
"CSA_v4.0.12_CEK_18",
"CSA_v4.0.12_CEK_19",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_CEK_21"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0a370ff3-6cab-4e85-8995-295fd854c5b8')]"
}
}
},
{
"policyDefinitionReferenceId": "06a78e20-9358-41c9-923c-fb736d382a4d",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_STA_12",
"CSA_v4.0.12_UEM_02"
],
"parameters": {}
},
{
"policyDefinitionReferenceId": "d63edb4a-c612-454d-b47d-191a724fcbf0",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d63edb4a-c612-454d-b47d-191a724fcbf0",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-d63edb4a-c612-454d-b47d-191a724fcbf0')]"
}
}
},
{
"policyDefinitionReferenceId": "9dfea752-dd46-4766-aed1-c355fa93fb91",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9dfea752-dd46-4766-aed1-c355fa93fb91",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-9dfea752-dd46-4766-aed1-c355fa93fb91')]"
}
}
},
{
"policyDefinitionReferenceId": "ca88aadc-6e2b-416c-9de2-5a0f01d1693f",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ca88aadc-6e2b-416c-9de2-5a0f01d1693f",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_17",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-ca88aadc-6e2b-416c-9de2-5a0f01d1693f')]"
}
}
},
{
"policyDefinitionReferenceId": "9b597639-28e4-48eb-b506-56b05d366257",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9b597639-28e4-48eb-b506-56b05d366257",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_06",
"CSA_v4.0.12_CEK_05",
"CSA_v4.0.12_CEK_06",
"CSA_v4.0.12_CEK_07",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_DCS_05",
"CSA_v4.0.12_DCS_06",
"CSA_v4.0.12_UEM_04",
"CSA_v4.0.12_UEM_07",
"CSA_v4.0.12_UEM_12"
],
"parameters": {
"effect": {
"value": "[parameters('effect-9b597639-28e4-48eb-b506-56b05d366257')]"
}
}
},
{
"policyDefinitionReferenceId": "438c38d2-3772-465a-a9cc-7a6666a275ce",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/438c38d2-3772-465a-a9cc-7a6666a275ce",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-438c38d2-3772-465a-a9cc-7a6666a275ce')]"
}
}
},
{
"policyDefinitionReferenceId": "95bccee9-a7f8-4bec-9ee9-62c3473701fc",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_DCS_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-95bccee9-a7f8-4bec-9ee9-62c3473701fc')]"
}
}
},
{
"policyDefinitionReferenceId": "a21f8c92-9e22-4f09-b759-50500d1d2dda",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a21f8c92-9e22-4f09-b759-50500d1d2dda",
"definitionVersion": "5.*.*-preview",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_IVS_07",
"CSA_v4.0.12_TVM_07"
],
"parameters": {
"effect": {
"value": "[parameters('effect-a21f8c92-9e22-4f09-b759-50500d1d2dda')]"
}
}
},
{
"policyDefinitionReferenceId": "fdccbe47-f3e3-4213-ad5d-ea459b2fa077",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-fdccbe47-f3e3-4213-ad5d-ea459b2fa077')]"
}
}
},
{
"policyDefinitionReferenceId": "d2e7ea85-6b44-4317-a0be-1b951587f626",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d2e7ea85-6b44-4317-a0be-1b951587f626",
"definitionVersion": "5.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-d2e7ea85-6b44-4317-a0be-1b951587f626')]"
},
"excludedNamespaces": {
"value": "[parameters('excludedNamespaces-d2e7ea85-6b44-4317-a0be-1b951587f626')]"
},
"namespaces": {
"value": "[parameters('namespaces-d2e7ea85-6b44-4317-a0be-1b951587f626')]"
},
"labelSelector": {
"value": "[parameters('labelSelector-d2e7ea85-6b44-4317-a0be-1b951587f626')]"
},
"excludedContainers": {
"value": "[parameters('excludedContainers-d2e7ea85-6b44-4317-a0be-1b951587f626')]"
},
"excludedImages": {
"value": "[parameters('excludedImages-d2e7ea85-6b44-4317-a0be-1b951587f626')]"
}
}
},
{
"policyDefinitionReferenceId": "057ef27e-665e-4328-8ea3-04b3122bd9fb",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb",
"definitionVersion": "5.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-057ef27e-665e-4328-8ea3-04b3122bd9fb')]"
},
"requiredRetentionDays": {
"value": "[parameters('requiredRetentionDays-057ef27e-665e-4328-8ea3-04b3122bd9fb')]"
}
}
},
{
"policyDefinitionReferenceId": "77e8b146-0078-4fb2-b002-e112381199f0",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/77e8b146-0078-4fb2-b002-e112381199f0",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05"
],
"parameters": {
"subnetId": {
"value": "[parameters('subnetId-77e8b146-0078-4fb2-b002-e112381199f0')]"
}
}
},
{
"policyDefinitionReferenceId": "d31e5c31-63b2-4f12-887b-e49456834fa1",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d31e5c31-63b2-4f12-887b-e49456834fa1",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12"
],
"parameters": {
"effect": {
"value": "[parameters('effect-d31e5c31-63b2-4f12-887b-e49456834fa1')]"
}
}
},
{
"policyDefinitionReferenceId": "0e6763cc-5078-4e64-889d-ff4d9a839047",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0e6763cc-5078-4e64-889d-ff4d9a839047')]"
}
}
},
{
"policyDefinitionReferenceId": "b4dec045-250a-48c2-b5cc-e0c4eec8b5b4",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4dec045-250a-48c2-b5cc-e0c4eec8b5b4",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_03",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15"
],
"parameters": {
"effect": {
"value": "[parameters('effect-b4dec045-250a-48c2-b5cc-e0c4eec8b5b4')]"
}
}
},
{
"policyDefinitionReferenceId": "b52376f7-9612-48a1-81cd-1ffe4b61032c",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-b52376f7-9612-48a1-81cd-1ffe4b61032c')]"
}
}
},
{
"policyDefinitionReferenceId": "12430be1-6cc8-4527-a9a8-e3d38f250096",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-12430be1-6cc8-4527-a9a8-e3d38f250096')]"
},
"modeRequirement": {
"value": "[parameters('modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096')]"
}
}
},
{
"policyDefinitionReferenceId": "0a9fbe0d-c5c4-4da8-87d8-f4fd77338835",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a9fbe0d-c5c4-4da8-87d8-f4fd77338835",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0a9fbe0d-c5c4-4da8-87d8-f4fd77338835')]"
}
}
},
{
"policyDefinitionReferenceId": "7bdb79ea-16b8-453e-4ca4-ad5b16012414",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7bdb79ea-16b8-453e-4ca4-ad5b16012414",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_BCR_08",
"CSA_v4.0.12_BCR_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-7bdb79ea-16b8-453e-4ca4-ad5b16012414')]"
}
}
},
{
"policyDefinitionReferenceId": "549814b6-3212-4203-bdc8-1548d342fb67",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/549814b6-3212-4203-bdc8-1548d342fb67",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-549814b6-3212-4203-bdc8-1548d342fb67')]"
}
}
},
{
"policyDefinitionReferenceId": "d8cf8476-a2ec-4916-896e-992351803c44",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d8cf8476-a2ec-4916-896e-992351803c44",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CEK_05",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_04",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_13",
"CSA_v4.0.12_CEK_14",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_17",
"CSA_v4.0.12_CEK_18"
],
"parameters": {
"maximumDaysToRotate": {
"value": "[parameters('maximumDaysToRotate-d8cf8476-a2ec-4916-896e-992351803c44')]"
},
"effect": {
"value": "[parameters('effect-d8cf8476-a2ec-4916-896e-992351803c44')]"
}
}
},
{
"policyDefinitionReferenceId": "b02aacc0-b073-424e-8298-42b22829ee0a",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b02aacc0-b073-424e-8298-42b22829ee0a",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DSP_16",
"CSA_v4.0.12_LOG_02"
],
"parameters": {
"effect": {
"value": "[parameters('effect-b02aacc0-b073-424e-8298-42b22829ee0a')]"
}
}
},
{
"policyDefinitionReferenceId": "245fc9df-fa96-4414-9a0b-3738c2f7341c",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/245fc9df-fa96-4414-9a0b-3738c2f7341c",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-245fc9df-fa96-4414-9a0b-3738c2f7341c')]"
},
"requiredRetentionDays": {
"value": "[parameters('requiredRetentionDays-245fc9df-fa96-4414-9a0b-3738c2f7341c')]"
}
}
},
{
"policyDefinitionReferenceId": "af99038c-02fd-4a2f-ac24-386b62bf32de",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af99038c-02fd-4a2f-ac24-386b62bf32de",
"definitionVersion": "1.*.*-preview",
"groupNames": [
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-af99038c-02fd-4a2f-ac24-386b62bf32de')]"
}
}
},
{
"policyDefinitionReferenceId": "22730e10-96f6-4aac-ad84-9383d35b5917",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-22730e10-96f6-4aac-ad84-9383d35b5917')]"
}
}
},
{
"policyDefinitionReferenceId": "044985bb-afe1-42cd-8a36-9d5d42424537",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_01",
"CSA_v4.0.12_CEK_02",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_CEK_04",
"CSA_v4.0.12_CEK_10",
"CSA_v4.0.12_CEK_11",
"CSA_v4.0.12_CEK_12",
"CSA_v4.0.12_CEK_13",
"CSA_v4.0.12_CEK_14",
"CSA_v4.0.12_CEK_15",
"CSA_v4.0.12_CEK_16",
"CSA_v4.0.12_CEK_17",
"CSA_v4.0.12_CEK_18",
"CSA_v4.0.12_CEK_19",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_CEK_21"
],
"parameters": {
"effect": {
"value": "[parameters('effect-044985bb-afe1-42cd-8a36-9d5d42424537')]"
}
}
},
{
"policyDefinitionReferenceId": "ea4d6841-2173-4317-9747-ff522a45120f",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea4d6841-2173-4317-9747-ff522a45120f",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_HRS_04",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_04",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_10",
"CSA_v4.0.12_DSP_17"
],
"parameters": {
"effect": {
"value": "[parameters('effect-ea4d6841-2173-4317-9747-ff522a45120f')]"
}
}
},
{
"policyDefinitionReferenceId": "d38668f5-d155-42c7-ab3d-9b57b50f8fbf",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d38668f5-d155-42c7-ab3d-9b57b50f8fbf",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12"
],
"parameters": {
"effect": {
"value": "[parameters('effect-d38668f5-d155-42c7-ab3d-9b57b50f8fbf')]"
}
}
},
{
"policyDefinitionReferenceId": "abda6d70-9778-44e7-84a8-06713e6db027",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abda6d70-9778-44e7-84a8-06713e6db027",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_11",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14"
],
"parameters": {
"effect": {
"value": "[parameters('effect-abda6d70-9778-44e7-84a8-06713e6db027')]"
}
}
},
{
"policyDefinitionReferenceId": "090c7b07-b4ed-4561-ad20-e9075f3ccaff",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/090c7b07-b4ed-4561-ad20-e9075f3ccaff",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-090c7b07-b4ed-4561-ad20-e9075f3ccaff')]"
}
}
},
{
"policyDefinitionReferenceId": "5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_HRS_06",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"listOfImageIdToInclude_windows": {
"value": "[parameters('listOfImageIdToInclude_windows-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138')]"
},
"listOfImageIdToInclude_linux": {
"value": "[parameters('listOfImageIdToInclude_linux-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138')]"
},
"effect": {
"value": "[parameters('effect-5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138')]"
}
}
},
{
"policyDefinitionReferenceId": "1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_BCR_11",
"CSA_v4.0.12_STA_12",
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a')]"
}
}
},
{
"policyDefinitionReferenceId": "0564d078-92f5-4f97-8398-b9f58a51f70b",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0564d078-92f5-4f97-8398-b9f58a51f70b",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_04",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_10",
"CSA_v4.0.12_DSP_17"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0564d078-92f5-4f97-8398-b9f58a51f70b')]"
}
}
},
{
"policyDefinitionReferenceId": "17f4b1cc-c55c-4d94-b1f9-2978f6ac2957",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17f4b1cc-c55c-4d94-b1f9-2978f6ac2957",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-17f4b1cc-c55c-4d94-b1f9-2978f6ac2957')]"
}
}
},
{
"policyDefinitionReferenceId": "c95c74d9-38fe-4f0d-af86-0c7d626a315c",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c",
"definitionVersion": "5.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-c95c74d9-38fe-4f0d-af86-0c7d626a315c')]"
},
"requiredRetentionDays": {
"value": "[parameters('requiredRetentionDays-c95c74d9-38fe-4f0d-af86-0c7d626a315c')]"
}
}
},
{
"policyDefinitionReferenceId": "0a1302fb-a631-4106-9753-f3d494733990",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a1302fb-a631-4106-9753-f3d494733990",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_04",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_10",
"CSA_v4.0.12_DSP_17"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0a1302fb-a631-4106-9753-f3d494733990')]"
}
}
},
{
"policyDefinitionReferenceId": "b954148f-4c11-4c38-8221-be76711e194a",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b954148f-4c11-4c38-8221-be76711e194a",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11",
"CSA_v4.0.12_LOG_05",
"CSA_v4.0.12_CEK_03"
],
"parameters": {
"effect": {
"value": "[parameters('effect-b954148f-4c11-4c38-8221-be76711e194a')]"
},
"operationName": {
"value": "[parameters('operationName-b954148f-4c11-4c38-8221-be76711e194a')]"
}
}
},
{
"policyDefinitionReferenceId": "3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
},
"NetworkAccessRemotelyAccessibleRegistryPaths": {
"value": "[parameters('NetworkAccessRemotelyAccessibleRegistryPaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
},
"NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths": {
"value": "[parameters('NetworkAccessRemotelyAccessibleRegistryPathsAndSubpaths-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
},
"NetworkAccessSharesThatCanBeAccessedAnonymously": {
"value": "[parameters('NetworkAccessSharesThatCanBeAccessedAnonymously-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
},
"effect": {
"value": "[parameters('effect-3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd')]"
}
}
},
{
"policyDefinitionReferenceId": "0fea8f8a-4169-495d-8307-30ec335f387d",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0fea8f8a-4169-495d-8307-30ec335f387d",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-0fea8f8a-4169-495d-8307-30ec335f387d')]"
}
}
},
{
"policyDefinitionReferenceId": "f110a506-2dcb-422e-bcea-d533fc8c35e2",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effects": {
"value": "[parameters('effects-f110a506-2dcb-422e-bcea-d533fc8c35e2')]"
}
}
},
{
"policyDefinitionReferenceId": "bfecdea6-31c4-4045-ad42-71b9dc87247d",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_17",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-bfecdea6-31c4-4045-ad42-71b9dc87247d')]"
}
}
},
{
"policyDefinitionReferenceId": "19dd1db6-f442-49cf-a838-b0786b4401ef",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/19dd1db6-f442-49cf-a838-b0786b4401ef",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_03",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16"
],
"parameters": {
"effect": {
"value": "[parameters('effect-19dd1db6-f442-49cf-a838-b0786b4401ef')]"
}
}
},
{
"policyDefinitionReferenceId": "d9844e8a-1437-4aeb-a32c-0c992f056095",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-d9844e8a-1437-4aeb-a32c-0c992f056095')]"
}
}
},
{
"policyDefinitionReferenceId": "e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9')]"
}
}
},
{
"policyDefinitionReferenceId": "ee984370-154a-4ee8-9726-19d900e56fc0",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ee984370-154a-4ee8-9726-19d900e56fc0",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-ee984370-154a-4ee8-9726-19d900e56fc0')]"
},
"AccountsGuestAccountStatus": {
"value": "[parameters('AccountsGuestAccountStatus-ee984370-154a-4ee8-9726-19d900e56fc0')]"
},
"effect": {
"value": "[parameters('effect-ee984370-154a-4ee8-9726-19d900e56fc0')]"
}
}
},
{
"policyDefinitionReferenceId": "1f90fc71-a595-4066-8974-d4d0802e8ef0",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f90fc71-a595-4066-8974-d4d0802e8ef0",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IVS_04",
"CSA_v4.0.12_AIS_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-1f90fc71-a595-4066-8974-d4d0802e8ef0')]"
}
}
},
{
"policyDefinitionReferenceId": "f85bf3e0-d513-442e-89c3-1784ad63382b",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f85bf3e0-d513-442e-89c3-1784ad63382b",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_01",
"CSA_v4.0.12_CCC_02",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_CCC_05",
"CSA_v4.0.12_CCC_06",
"CSA_v4.0.12_CCC_08",
"CSA_v4.0.12_CCC_09",
"CSA_v4.0.12_CEK_05",
"CSA_v4.0.12_CEK_06",
"CSA_v4.0.12_CEK_07",
"CSA_v4.0.12_CEK_20",
"CSA_v4.0.12_DSP_03",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_08",
"CSA_v4.0.12_DSP_12"
],
"parameters": {
"effect": {
"value": "[parameters('effect-f85bf3e0-d513-442e-89c3-1784ad63382b')]"
}
}
},
{
"policyDefinitionReferenceId": "78215662-041e-49ed-a9dd-5385911b3a1f",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/78215662-041e-49ed-a9dd-5385911b3a1f",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16"
],
"parameters": {
"effect": {
"value": "[parameters('effect-78215662-041e-49ed-a9dd-5385911b3a1f')]"
}
}
},
{
"policyDefinitionReferenceId": "df73bd95-24da-4a4f-96b9-4e8b94b402bd",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-df73bd95-24da-4a4f-96b9-4e8b94b402bd')]"
},
"endpointType": {
"value": "[parameters('endpointType-df73bd95-24da-4a4f-96b9-4e8b94b402bd')]"
}
}
},
{
"policyDefinitionReferenceId": "d550e854-df1a-4de9-bf44-cd894b39a95e",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d550e854-df1a-4de9-bf44-cd894b39a95e",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_LOG_09",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-d550e854-df1a-4de9-bf44-cd894b39a95e')]"
}
}
},
{
"policyDefinitionReferenceId": "1dc2fc00-2245-4143-99f4-874c937f13ef",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1dc2fc00-2245-4143-99f4-874c937f13ef",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_02",
"CSA_v4.0.12_CCC_02",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_UEM_03",
"CSA_v4.0.12_UEM_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-1dc2fc00-2245-4143-99f4-874c937f13ef')]"
}
}
},
{
"policyDefinitionReferenceId": "051cba44-2429-45b9-9649-46cec11c7119",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_17",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-051cba44-2429-45b9-9649-46cec11c7119')]"
}
}
},
{
"policyDefinitionReferenceId": "e71308d3-144b-4262-b144-efdc3cc90517",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_TVM_04"
],
"parameters": {
"effect": {
"value": "[parameters('effect-e71308d3-144b-4262-b144-efdc3cc90517')]"
}
}
},
{
"policyDefinitionReferenceId": "30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"IncludeArcMachines": {
"value": "[parameters('IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7')]"
},
"MembersToInclude": {
"value": "[parameters('MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7')]"
}
}
},
{
"policyDefinitionReferenceId": "5d4e3c65-4873-47be-94f3-6f8b953a3598",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5d4e3c65-4873-47be-94f3-6f8b953a3598",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16"
],
"parameters": {
"effect": {
"value": "[parameters('effect-5d4e3c65-4873-47be-94f3-6f8b953a3598')]"
}
}
},
{
"policyDefinitionReferenceId": "564feb30-bf6a-4854-b4bb-0d2d2d1e6c66",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_DSP_10",
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_IVS_07",
"CSA_v4.0.12_TVM_07"
],
"parameters": {
"effect": {
"value": "[parameters('effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66')]"
}
}
},
{
"policyDefinitionReferenceId": "098fc59e-46c7-4d99-9b16-64990e543d75",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/098fc59e-46c7-4d99-9b16-64990e543d75",
"definitionVersion": "6.*.*",
"groupNames": [
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"source": {
"value": "[parameters('source-098fc59e-46c7-4d99-9b16-64990e543d75')]"
},
"warn": {
"value": "[parameters('warn-098fc59e-46c7-4d99-9b16-64990e543d75')]"
},
"effect": {
"value": "[parameters('effect-098fc59e-46c7-4d99-9b16-64990e543d75')]"
},
"excludedNamespaces": {
"value": "[parameters('excludedNamespaces-098fc59e-46c7-4d99-9b16-64990e543d75')]"
},
"namespaces": {
"value": "[parameters('namespaces-098fc59e-46c7-4d99-9b16-64990e543d75')]"
},
"labelSelector": {
"value": "[parameters('labelSelector-098fc59e-46c7-4d99-9b16-64990e543d75')]"
},
"allowedHostPaths": {
"value": "[parameters('allowedHostPaths-098fc59e-46c7-4d99-9b16-64990e543d75')]"
},
"excludedContainers": {
"value": "[parameters('excludedContainers-098fc59e-46c7-4d99-9b16-64990e543d75')]"
},
"excludedImages": {
"value": "[parameters('excludedImages-098fc59e-46c7-4d99-9b16-64990e543d75')]"
}
}
},
{
"policyDefinitionReferenceId": "f9be5368-9bf5-4b84-9e0a-7850da98bb46",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46",
"definitionVersion": "5.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-f9be5368-9bf5-4b84-9e0a-7850da98bb46')]"
},
"requiredRetentionDays": {
"value": "[parameters('requiredRetentionDays-f9be5368-9bf5-4b84-9e0a-7850da98bb46')]"
}
}
},
{
"policyDefinitionReferenceId": "f8d36e2f-389b-4ee4-898d-21aeb69a0f45",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45",
"definitionVersion": "5.*.*",
"groupNames": [
"CSA_v4.0.12_LOG_07",
"CSA_v4.0.12_LOG_08",
"CSA_v4.0.12_LOG_10",
"CSA_v4.0.12_LOG_11"
],
"parameters": {
"effect": {
"value": "[parameters('effect-f8d36e2f-389b-4ee4-898d-21aeb69a0f45')]"
},
"requiredRetentionDays": {
"value": "[parameters('requiredRetentionDays-f8d36e2f-389b-4ee4-898d-21aeb69a0f45')]"
}
}
},
{
"policyDefinitionReferenceId": "013e242c-8828-4970-87b3-ab247555486d",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d",
"definitionVersion": "3.*.*",
"groupNames": [
"CSA_v4.0.12_BCR_08",
"CSA_v4.0.12_CEK_08",
"CSA_v4.0.12_CEK_20"
],
"parameters": {
"effect": {
"value": "[parameters('effect-013e242c-8828-4970-87b3-ab247555486d')]"
}
}
},
{
"policyDefinitionReferenceId": "6c53d030-cc64-46f0-906d-2bc061cd1334",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6c53d030-cc64-46f0-906d-2bc061cd1334",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_LOG_09",
"CSA_v4.0.12_LOG_04",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-6c53d030-cc64-46f0-906d-2bc061cd1334')]"
}
}
},
{
"policyDefinitionReferenceId": "8405fdab-1faf-48aa-b702-999c9c172094",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8405fdab-1faf-48aa-b702-999c9c172094",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-8405fdab-1faf-48aa-b702-999c9c172094')]"
}
}
},
{
"policyDefinitionReferenceId": "b5ec538c-daa0-4006-8596-35468b9148e8",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b5ec538c-daa0-4006-8596-35468b9148e8",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_CEK_03",
"CSA_v4.0.12_DSP_07",
"CSA_v4.0.12_DSP_17",
"CSA_v4.0.12_UEM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-b5ec538c-daa0-4006-8596-35468b9148e8')]"
}
}
},
{
"policyDefinitionReferenceId": "21a6bc25-125e-4d13-b82d-2e19b7208ab7",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_11",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14"
],
"parameters": {
"effect": {
"value": "[parameters('effect-21a6bc25-125e-4d13-b82d-2e19b7208ab7')]"
}
}
},
{
"policyDefinitionReferenceId": "6ba6d016-e7c3-4842-b8f2-4992ebc0d72d",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"effect": {
"value": "[parameters('effect-6ba6d016-e7c3-4842-b8f2-4992ebc0d72d')]"
}
}
},
{
"policyDefinitionReferenceId": "1bc02227-0cb6-4e11-8f53-eb0b22eab7e8",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1bc02227-0cb6-4e11-8f53-eb0b22eab7e8",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_IAM_05",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_LOG_09",
"CSA_v4.0.12_LOG_04",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-1bc02227-0cb6-4e11-8f53-eb0b22eab7e8')]"
}
}
},
{
"policyDefinitionReferenceId": "0a075868-4c26-42ef-914c-5bc007359560",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_01",
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_12",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_14",
"CSA_v4.0.12_IAM_15",
"CSA_v4.0.12_IAM_16"
],
"parameters": {
"maximumValidityInMonths": {
"value": "[parameters('maximumValidityInMonths-0a075868-4c26-42ef-914c-5bc007359560')]"
},
"effect": {
"value": "[parameters('effect-0a075868-4c26-42ef-914c-5bc007359560')]"
}
}
},
{
"policyDefinitionReferenceId": "56fd377d-098c-4f02-8406-81eb055902b8",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8",
"definitionVersion": "1.*.*",
"groupNames": [
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05"
],
"parameters": {
"effect": {
"value": "[parameters('effect-56fd377d-098c-4f02-8406-81eb055902b8')]"
}
}
},
{
"policyDefinitionReferenceId": "e2dd799a-a932-4e9d-ac17-d473bc3c6c10",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10",
"definitionVersion": "2.*.*",
"groupNames": [
"CSA_v4.0.12_AIS_07",
"CSA_v4.0.12_CCC_07",
"CSA_v4.0.12_TVM_04",
"CSA_v4.0.12_TVM_08"
],
"parameters": {
"listOfImageIdToInclude_windows": {
"value": "[parameters('listOfImageIdToInclude_windows-e2dd799a-a932-4e9d-ac17-d473bc3c6c10')]"
},
"listOfImageIdToInclude_linux": {
"value": "[parameters('listOfImageIdToInclude_linux-e2dd799a-a932-4e9d-ac17-d473bc3c6c10')]"
},
"effect": {
"value": "[parameters('effect-e2dd799a-a932-4e9d-ac17-d473bc3c6c10')]"
}
}
},
{
"policyDefinitionReferenceId": "deeddb44-9f94-4903-9fa0-081d524406e3",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/deeddb44-9f94-4903-9fa0-081d524406e3",
"definitionVersion": "2.*.*-preview",
"groupNames": [
"CSA_v4.0.12_HRS_04",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_DSP_10"
],
"parameters": {
"effect": {
"value": "[parameters('effect-deeddb44-9f94-4903-9fa0-081d524406e3')]"
}
}
},
{
"policyDefinitionReferenceId": "9f061a12-e40d-4183-a00e-171812443373",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9f061a12-e40d-4183-a00e-171812443373",
"definitionVersion": "4.*.*",
"groupNames": [
"CSA_v4.0.12_IAM_02",
"CSA_v4.0.12_IAM_04",
"CSA_v4.0.12_IAM_06",
"CSA_v4.0.12_IAM_07",
"CSA_v4.0.12_IAM_10",
"CSA_v4.0.12_IAM_13",
"CSA_v4.0.12_IAM_16",
"CSA_v4.0.12_DCS_02",
"CSA_v4.0.12_DSP_05",
"CSA_v4.0.12_AIS_02",
"CSA_v4.0.12_CCC_02",
"CSA_v4.0.12_CCC_03",
"CSA_v4.0.12_CCC_09",
"CSA_v4.0.12_UEM_03",
"CSA_v4.0.12_UEM_05",
"CSA_v4.0.12_CCC_04"
],
"parameters": {
"source": {
"value": "[parameters('source-9f061a12-e40d-4183-a00e-171812443373')]"
},
"warn": {
"value": "[parameters('warn-9f061a12-e40d-4183-a00e-171812443373')]"
},
"effect": {
"value": "[parameters('effect-9f061a12-e40d-4183-a00e-171812443373')]"
},
"excludedNamespaces": {
"value": "[parameters('excludedNamespaces-9f061a12-e40d-4183-a00e-171812443373')]"
},
"namespaces": {
"value": "[parameters('namespaces-9f061a12-e40d-4183-a00e-171812443373')]"
},
"labelSelector": {
"value": "[parameters('labelSelector-9f061a12-e40d-4183-a00e-171812443373')]"
}
}
}
],
"versions": [
"1.1.0",
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policySetDefinitions/8791506a-dec4-497a-a83f-3abfde37c400",
"name": "8791506a-dec4-497a-a83f-3abfde37c400"
}